
After removal, Malwarebytes constantly show outgoing prevent...


  • This topic is locked
22 replies to this topic

#1 pithblitz

pithblitz

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 16 September 2013 - 02:09 PM

After running every possible scan I felt safe doing, Malwarebytes warns of an outgoing IP block from dllhost.exe every 30 seconds. I run netstat and the display just keeps going on and on, being a home PC this shouldn't be. Something has to be on this thing.... Any help? Thank you!

 

DDS logs

Attached Files




 


#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:52 AM

Posted 16 September 2013 - 02:19 PM

Hi pithblitz and Welcome to BleepingComputer !

I am currently looking through your logs and will advise you on what to do in my next reply.

 


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#3 pithblitz

pithblitz
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 16 September 2013 - 05:07 PM

Thank you! I've already done Rkill, Mbam, Mbar, Eset Online, SAS, and Roguekiller...



#4 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:08:52 AM

Posted 17 September 2013 - 04:13 PM

Hello pithblitz
 

Sorry for the delay.

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer, such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive.
  • If you are using Cracked or Illegal software, your thread will be closed.
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

I can see evidence that you have run Combofix. This tool is to be used by Trained Eliminators and supervised trainees only.  This tool can disable your computer and in some cases can make it unbootable. More information about the tool can be found at :- http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/
 

Step 1

 

Let's see what Combofix has found. Please navigate to here :-
C:\Combofix.txt

 

Post the content in your next reply.

 

Step 2

 

Let's see what Malwarebytes is attempting to block. Please navigate to the following :-

 

XP Users
%AllUsersProfile%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Note: %AllUsersProfile% refers to the location of the "All Users" Windows profile, and is usually C:\Documents and Settings\All Users\

 

 

Vista/7 users
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

 

Post the content in your next reply.

 

 

Step 3

Please download AdwCleaner by Xplode onto your desktop.

 

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 4

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update

Image3.png

8. When the Update completes, select Next

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

MBAntiRKclean.png

11. Do not select the "Clean up Button"; select the "Exit" button. There will be a warning as follows:

MBAntiRKclean1.png

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

Image6.png

13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log   Date and time of scan will also be shown

Image10.png


Post those two logs in your reply.


Edited by seedy21, 17 September 2013 - 04:23 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png
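
One way to triage the protection log requested in Step 2, added here as an example and not part of the original post or of Malwarebytes: it groups IP-BLOCK entries by process and remote address and counts separate bursts. The sample lines are constructed in the line format of the log quoted in this thread; the host name, user name and addresses (documentation ranges) are made up, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the line format of the protection log posted in this thread.
# Host, user and addresses (documentation ranges) are made up; the last line is
# deliberately truncated, as happens when a log is cut off mid-paste.
SAMPLE_LOG = """\
2013/09/17 00:01:00 -0400 EXAMPLE-PC user MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 00:01:01 -0400 EXAMPLE-PC user MESSAGE Database already up-to-date
2013/09/17 00:02:17 -0400 EXAMPLE-PC user IP-BLOCK 203.0.113.45 (Type: outgoing, Port: 58847, Process: dllhost.exe)
2013/09/17 00:02:17 -0400 EXAMPLE-PC user IP-BLOCK 203.0.113.45 (Type: outgoing, Port: 58848, Process: dllhost.exe)
2013/09/17 00:02:17 -0400 EXAMPLE-PC user IP-BLOCK 203.0.113.45 (Type: outgoing, Port: 58849, Process: dllhost.exe)
2013/09/17 00:02:17 -0400 EXAMPLE-PC user IP-BLOCK 203.0.113.45 (Type: outgoing, Port: 58850, Process: dllhost.exe)
2013/09/17 00:10:12 -0400 EXAMPLE-PC user IP-BLOCK 203.0.113.45 (Type: outgoing, Port: 60609, Process: dllhost.exe)
2013/09/17 00:10:12 -0400 EXAMPLE-PC user IP-BLOCK 203.0.113.45 (Type: outgoing, Port: 60610, Process: dllhost.exe)
2013/09/17 00:10:12 -0400 EXAMPLE-PC user IP-BLOCK 203.0.113.45 (Type: outgoing, Port: 60611, Process: dllhost.exe)
2013/09/17 00:10:12 -0400 EXAMPLE-PC user IP-BLOCK 203.0.113.45 (Type: outgoing, Port: 60612, Process: dllhost.exe)
2013/09/17 00:12:14 -0400 EXAMPLE-PC user IP-BLOCK 203.0.113.45 (Type: outgoing, Port: 61110, Process: dllhost.exe)
2013/09/17 00:12:14 -0400 EXAMPLE-PC user IP-BLOCK 203.0.113.45 (Type: outgoing, Port: 61111, Process: dllhost.exe)
2013/09/17 00:15:03 -0400 EXAMPLE-PC user IP-BLOCK 198.51.100.9 (Type: outgoing, Port: 49200, Process: iexplore.exe)
2013/09/17 00:20:00 -0400 EXAMPLE-PC user IP-BLOCK 203.0.113.45 (Type: outgoing, Port: 61
"""

# Assumes host and user names contain no spaces, as in the lines quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\S+) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


def parse_blocks(text):
    """Return (events, rejected): parsed IP-BLOCK entries and IP-BLOCK lines that did not parse."""
    events, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if " IP-BLOCK " not in line:
            continue  # MESSAGE lines (updates, scheduled scans) are not block events
        m = LINE_RE.match(line)
        if m is None:
            rejected.append(line)  # keep truncated or malformed entries visible
            continue
        events.append({
            "when": datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S %z"),
            "ip": m["ip"],
            "direction": m["direction"],
            "port": int(m["port"]),
            "process": m["process"].strip().lower(),
        })
    return events, rejected


def summarize(events, burst_gap_seconds=5, min_bursts=2):
    """Group blocks by (process, remote IP, direction) and count separate bursts.

    Entries less than burst_gap_seconds apart count as one burst, so several
    ports logged in the same second are one attempt, not several.
    """
    groups = defaultdict(list)
    for e in events:
        groups[(e["process"], e["ip"], e["direction"])].append(e)

    rows = []
    for (process, ip, direction), evs in groups.items():
        evs.sort(key=lambda e: e["when"])
        bursts = 1
        for prev, cur in zip(evs, evs[1:]):
            if (cur["when"] - prev["when"]).total_seconds() > burst_gap_seconds:
                bursts += 1
        rows.append({
            "process": process,
            "ip": ip,
            "direction": direction,
            "blocks": len(evs),
            "ports": len({e["port"] for e in evs}),
            "bursts": bursts,
            "first": evs[0]["when"],
            "last": evs[-1]["when"],
            # The same process retrying the same address is the pattern to report.
            "repeated": bursts >= min_bursts,
        })
    rows.sort(key=lambda r: -r["blocks"])
    return rows


if __name__ == "__main__":
    events, rejected = parse_blocks(SAMPLE_LOG)
    for row in summarize(events):
        print("{process:14} -> {ip:15} {direction:9} blocks={blocks:3} "
              "bursts={bursts:2} repeated={repeated}".format(**row))
    print("unparsed IP-BLOCK lines:", len(rejected))
```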


#5 pithblitz

pithblitz
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:52 AM

Posted 17 September 2013 - 05:24 PM

Thanks! Here's Combo.

 

ComboFix 13-09-13.03 - Sandra 09/13/2013  18:08:38.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2812.1151 [GMT -4:00]
Running from: c:\users\Sandra\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BasicSeek
c:\programdata\893686b8
c:\programdata\Microsoft\Windows\DRM\1D7B.tmp
c:\programdata\Microsoft\Windows\DRM\1F23.tmp
c:\programdata\Microsoft\Windows\DRM\29AF.tmp
c:\programdata\Microsoft\Windows\DRM\29F0.tmp
c:\programdata\Microsoft\Windows\DRM\2BC1.tmp
c:\programdata\Microsoft\Windows\DRM\2C00.tmp
c:\programdata\Microsoft\Windows\DRM\2C6F.tmp
c:\programdata\Microsoft\Windows\DRM\2C8F.tmp
c:\programdata\Microsoft\Windows\DRM\32E.tmp
c:\programdata\Microsoft\Windows\DRM\3A22.tmp
c:\programdata\Microsoft\Windows\DRM\3C47.tmp
c:\programdata\Microsoft\Windows\DRM\50F.tmp
c:\programdata\Microsoft\Windows\DRM\519C.tmp
c:\programdata\Microsoft\Windows\DRM\52A8.tmp
c:\programdata\Microsoft\Windows\DRM\669.tmp
c:\programdata\Microsoft\Windows\DRM\6C59.tmp
c:\programdata\Microsoft\Windows\DRM\6CC9.tmp
c:\programdata\Microsoft\Windows\DRM\726E.tmp
c:\programdata\Microsoft\Windows\DRM\731D.tmp
c:\programdata\Microsoft\Windows\DRM\7A92.tmp
c:\programdata\Microsoft\Windows\DRM\7B02.tmp
c:\programdata\Microsoft\Windows\DRM\8B20.tmp
c:\programdata\Microsoft\Windows\DRM\8BA0.tmp
c:\programdata\Microsoft\Windows\DRM\98D5.tmp
c:\programdata\Microsoft\Windows\DRM\9923.tmp
c:\programdata\Microsoft\Windows\DRM\9945.tmp
c:\programdata\Microsoft\Windows\DRM\9964.tmp
c:\programdata\Microsoft\Windows\DRM\C5ED.tmp
c:\programdata\Microsoft\Windows\DRM\CA13.tmp
c:\programdata\Microsoft\Windows\DRM\CAC1.tmp
c:\users\Sandra\AppData\Roaming\893686b8
c:\users\Sandra\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-13 to 2013-09-13  )))))))))))))))))))))))))))))))
.
.
2013-09-13 22:17 . 2013-09-13 22:17 -------- d-----w- c:\users\Judy\AppData\Local\temp
2013-09-13 22:17 . 2013-09-13 22:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-13 21:31 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88208DC2-1CAB-4445-8C4B-8742EFDB633D}\mpengine.dll
2013-09-13 08:13 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-12 05:21 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-12 05:21 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-11 14:39 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-11 14:39 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-09-11 14:39 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-11 14:39 . 2013-08-02 01:59 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-09-11 14:39 . 2013-08-02 02:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-09-11 14:39 . 2013-08-02 02:13 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-09-11 14:39 . 2013-08-02 01:51 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-09-11 14:39 . 2013-08-02 02:15 243712 ----a-w- c:\windows\system32\wow64.dll
2013-09-11 14:39 . 2013-08-02 02:13 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-09-11 14:39 . 2013-08-02 01:50 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-09-11 14:39 . 2013-08-02 00:59 112640 ----a-w- c:\windows\system32\smss.exe
2013-09-11 14:36 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-08 03:23 . 2013-09-08 03:23 -------- d-----w- c:\programdata\Recovery
2013-09-07 23:29 . 2013-09-07 23:29 229984 ----a-w- c:\windows\system32\drivers\07433205.sys
2013-09-06 21:53 . 2013-09-06 21:53 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48C0B5B7-B88F-48F1-BAAA-AF7143760C85}\gapaengine.dll
2013-09-06 20:23 . 2013-09-07 16:15 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-08-16 04:08 . 2013-09-12 07:37 -------- d-----w- c:\windows\system32\MRT
2013-08-15 12:13 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-15 12:13 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-15 12:13 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 12:13 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-15 12:13 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-15 12:13 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-15 12:13 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-15 12:13 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-15 12:13 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-15 12:13 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-15 12:12 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-15 12:12 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-15 12:12 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-15 12:12 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-15 12:12 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 12:12 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 20:46 . 2012-07-22 22:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 20:46 . 2012-03-18 23:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 07:34 . 2010-04-12 11:46 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-22 12:06 . 2013-03-12 19:33 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-02 01:48 . 2013-09-11 14:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-19 01:50 . 2013-06-19 01:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 01:50 . 2012-08-31 03:03 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2421d847-721c-404f-87b4-bbd2b95d1087}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\SocialSearchBar_App\prxtbSoci.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{2421d847-721c-404f-87b4-bbd2b95d1087}"= "c:\program files (x86)\SocialSearchBar_App\prxtbSoci.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{2421d847-721c-404f-87b4-bbd2b95d1087}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
R4 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
R4 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 MpKslb8bea4f9;MpKslb8bea4f9;c:\windows\Temp\MpKslb8bea4f9.sys;c:\windows\Temp\MpKslb8bea4f9.sys [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 15:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 20:46]
.
2013-09-12 c:\windows\Tasks\HPCeeScheduleForSandra.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://webmail.verizon.net/signin/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-SupportSoft - c:\users\Sandra\AppData\Local\ABBYY\SupportSoft\icceml.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-12503598.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - c:\program files\Updater By SweetPacks\Extension64.dll
WebBrowser-{2421D847-721C-404F-87B4-BBD2B95D1087} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-13  18:23:25
ComboFix-quarantined-files.txt  2013-09-13 22:23
.
Pre-Run: 168,611,467,264 bytes free
Post-Run: 168,347,664,384 bytes free
.
- - End Of File - - 16F26071A8795069288D0B8F8D5870A3
D9C369DDA37A0CC44A095EF41713790A
 



Here's Malwarebytes protection....

 

2013/09/17 00:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 00:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 00:02:17 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 58847, Process: dllhost.exe)
2013/09/17 00:02:17 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 58848, Process: dllhost.exe)
2013/09/17 00:02:17 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 58849, Process: dllhost.exe)
2013/09/17 00:02:17 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 58850, Process: dllhost.exe)
2013/09/17 00:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 00:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 00:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 00:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 00:10:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60609, Process: dllhost.exe)
2013/09/17 00:10:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60610, Process: dllhost.exe)
2013/09/17 00:10:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60611, Process: dllhost.exe)
2013/09/17 00:10:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60612, Process: dllhost.exe)
2013/09/17 00:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 00:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 00:12:14 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61110, Process: dllhost.exe)
2013/09/17 00:12:14 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61111, Process: dllhost.exe)
2013/09/17 00:12:14 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61112, Process: dllhost.exe)
2013/09/17 00:12:14 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61113, Process: dllhost.exe)
2013/09/17 00:14:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61357, Process: dllhost.exe)
2013/09/17 00:14:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61358, Process: dllhost.exe)
2013/09/17 00:14:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61359, Process: dllhost.exe)
2013/09/17 00:14:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61360, Process: dllhost.exe)
2013/09/17 00:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 00:16:03 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 00:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 00:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 00:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 00:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 00:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 00:31:02 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 00:33:59 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50037, Process: dllhost.exe)
2013/09/17 00:33:59 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50038, Process: dllhost.exe)
2013/09/17 00:33:59 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50039, Process: dllhost.exe)
2013/09/17 00:33:59 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50040, Process: dllhost.exe)
2013/09/17 00:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 00:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 00:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 00:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 00:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 00:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 00:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 00:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 00:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 00:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 01:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 01:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 01:02:23 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54098, Process: dllhost.exe)
2013/09/17 01:02:23 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54099, Process: dllhost.exe)
2013/09/17 01:02:23 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54100, Process: dllhost.exe)
2013/09/17 01:03:44 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54353, Process: dllhost.exe)
2013/09/17 01:03:44 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54354, Process: dllhost.exe)
2013/09/17 01:03:44 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54355, Process: dllhost.exe)
2013/09/17 01:03:44 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54356, Process: dllhost.exe)
2013/09/17 01:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 01:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 01:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 01:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 01:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 01:11:02 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 01:13:59 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 58244, Process: dllhost.exe)
2013/09/17 01:13:59 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 58245, Process: dllhost.exe)
2013/09/17 01:13:59 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 58246, Process: dllhost.exe)
2013/09/17 01:13:59 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 58247, Process: dllhost.exe)
2013/09/17 01:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 01:16:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 01:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 01:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 01:21:32 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59533, Process: dllhost.exe)
2013/09/17 01:21:32 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59534, Process: dllhost.exe)
2013/09/17 01:21:32 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59535, Process: dllhost.exe)
2013/09/17 01:21:33 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59536, Process: dllhost.exe)
2013/09/17 01:23:17 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59680, Process: dllhost.exe)
2013/09/17 01:23:17 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59681, Process: dllhost.exe)
2013/09/17 01:23:17 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59682, Process: dllhost.exe)
2013/09/17 01:23:17 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59683, Process: dllhost.exe)
2013/09/17 01:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 01:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 01:28:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60345, Process: dllhost.exe)
2013/09/17 01:28:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60346, Process: dllhost.exe)
2013/09/17 01:28:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60347, Process: dllhost.exe)
2013/09/17 01:28:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60348, Process: dllhost.exe)
2013/09/17 01:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 01:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 01:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 01:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 01:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 01:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 01:41:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61968, Process: dllhost.exe)
2013/09/17 01:41:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61969, Process: dllhost.exe)
2013/09/17 01:41:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61970, Process: dllhost.exe)
2013/09/17 01:41:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61971, Process: dllhost.exe)
2013/09/17 01:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 01:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 01:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 01:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 01:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 01:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 02:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 02:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 02:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 02:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 02:08:23 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 49318, Process: dllhost.exe)
2013/09/17 02:08:23 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 49320, Process: dllhost.exe)
2013/09/17 02:08:23 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 49319, Process: dllhost.exe)
2013/09/17 02:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 02:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 02:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 02:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 02:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 02:16:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 02:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 02:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 02:22:14 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51183, Process: dllhost.exe)
2013/09/17 02:22:14 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51184, Process: dllhost.exe)
2013/09/17 02:22:14 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51185, Process: dllhost.exe)
2013/09/17 02:22:14 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51186, Process: dllhost.exe)
2013/09/17 02:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 02:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 02:28:50 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52677, Process: dllhost.exe)
2013/09/17 02:28:50 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52678, Process: dllhost.exe)
2013/09/17 02:28:50 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52679, Process: dllhost.exe)
2013/09/17 02:28:50 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52680, Process: dllhost.exe)
2013/09/17 02:28:58 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52755, Process: dllhost.exe)
2013/09/17 02:28:58 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52756, Process: dllhost.exe)
2013/09/17 02:28:58 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52758, Process: dllhost.exe)
2013/09/17 02:28:58 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52757, Process: dllhost.exe)
2013/09/17 02:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 02:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 02:32:11 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53720, Process: dllhost.exe)
2013/09/17 02:32:11 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53721, Process: dllhost.exe)
2013/09/17 02:32:11 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53722, Process: dllhost.exe)
2013/09/17 02:32:11 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53723, Process: dllhost.exe)
2013/09/17 02:35:16 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54401, Process: dllhost.exe)
2013/09/17 02:35:16 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54400, Process: dllhost.exe)
2013/09/17 02:35:16 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54403, Process: dllhost.exe)
2013/09/17 02:35:16 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54402, Process: dllhost.exe)
2013/09/17 02:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 02:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 02:38:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54933, Process: dllhost.exe)
2013/09/17 02:38:05 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54934, Process: dllhost.exe)
2013/09/17 02:38:05 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54935, Process: dllhost.exe)
2013/09/17 02:38:05 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54936, Process: dllhost.exe)
2013/09/17 02:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 02:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 02:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 02:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 02:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 02:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 02:55:20 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57265, Process: dllhost.exe)
2013/09/17 02:55:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57266, Process: dllhost.exe)
2013/09/17 02:55:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57268, Process: dllhost.exe)
2013/09/17 02:55:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57267, Process: dllhost.exe)
2013/09/17 02:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 02:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 03:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 03:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 03:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 03:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 03:09:00 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59261, Process: dllhost.exe)
2013/09/17 03:09:00 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59262, Process: dllhost.exe)
2013/09/17 03:09:00 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59263, Process: dllhost.exe)
2013/09/17 03:09:00 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59264, Process: dllhost.exe)
2013/09/17 03:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 03:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 03:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 03:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 03:15:40 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60452, Process: dllhost.exe)
2013/09/17 03:15:40 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60453, Process: dllhost.exe)
2013/09/17 03:15:40 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60454, Process: dllhost.exe)
2013/09/17 03:15:40 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60455, Process: dllhost.exe)
2013/09/17 03:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 03:16:02 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 03:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 03:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 03:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 03:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 03:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 03:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 03:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 03:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 03:40:53 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65146, Process: dllhost.exe)
2013/09/17 03:40:53 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65147, Process: dllhost.exe)
2013/09/17 03:40:53 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65148, Process: dllhost.exe)
2013/09/17 03:40:53 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65149, Process: dllhost.exe)
2013/09/17 03:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 03:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 03:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 03:46:03 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 03:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 03:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 03:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 03:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 03:56:42 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52043, Process: dllhost.exe)
2013/09/17 03:56:42 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52044, Process: dllhost.exe)
2013/09/17 03:56:42 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52045, Process: dllhost.exe)
2013/09/17 03:56:42 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52046, Process: dllhost.exe)
2013/09/17 04:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 04:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 04:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 04:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 04:07:33 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53189, Process: dllhost.exe)
2013/09/17 04:07:33 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53190, Process: dllhost.exe)
2013/09/17 04:07:33 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53191, Process: dllhost.exe)
2013/09/17 04:07:33 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53192, Process: dllhost.exe)
2013/09/17 04:07:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53336, Process: dllhost.exe)
2013/09/17 04:07:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53338, Process: dllhost.exe)
2013/09/17 04:07:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53339, Process: dllhost.exe)
2013/09/17 04:07:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53340, Process: dllhost.exe)
2013/09/17 04:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 04:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 04:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 04:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 04:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 04:16:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 04:16:11 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54552, Process: dllhost.exe)
2013/09/17 04:16:11 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54553, Process: dllhost.exe)
2013/09/17 04:16:11 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54554, Process: dllhost.exe)
2013/09/17 04:16:11 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54555, Process: dllhost.exe)
2013/09/17 04:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 04:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 04:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 04:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 04:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 04:31:08 -0400 SANDRA-PC Sandra MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.17.02 to version v2013.09.17.03
2013/09/17 04:31:08 -0400 SANDRA-PC Sandra MESSAGE Starting database refresh
2013/09/17 04:31:08 -0400 SANDRA-PC Sandra MESSAGE Stopping IP protection
2013/09/17 04:31:09 -0400 SANDRA-PC Sandra MESSAGE IP Protection stopped successfully
2013/09/17 04:31:11 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Flash Scan | -terminate
2013/09/17 04:31:11 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 04:31:45 -0400 SANDRA-PC Sandra MESSAGE Database refreshed successfully
2013/09/17 04:31:45 -0400 SANDRA-PC Sandra MESSAGE Starting IP protection
2013/09/17 04:31:53 -0400 SANDRA-PC Sandra MESSAGE IP Protection started successfully
2013/09/17 04:34:26 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56422, Process: dllhost.exe)
2013/09/17 04:34:26 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56423, Process: dllhost.exe)
2013/09/17 04:34:26 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56424, Process: dllhost.exe)
2013/09/17 04:34:26 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56425, Process: dllhost.exe)
2013/09/17 04:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 04:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 04:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 04:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 04:42:05 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57358, Process: dllhost.exe)
2013/09/17 04:42:05 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57359, Process: dllhost.exe)
2013/09/17 04:42:05 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57360, Process: dllhost.exe)
2013/09/17 04:42:05 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57361, Process: dllhost.exe)
2013/09/17 04:42:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57560, Process: dllhost.exe)
2013/09/17 04:42:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57561, Process: dllhost.exe)
2013/09/17 04:42:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57562, Process: dllhost.exe)
2013/09/17 04:42:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57563, Process: dllhost.exe)
2013/09/17 04:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 04:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 04:48:07 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 58408, Process: dllhost.exe)
2013/09/17 04:48:07 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 58409, Process: dllhost.exe)
2013/09/17 04:48:07 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 58410, Process: dllhost.exe)
2013/09/17 04:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 04:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 04:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 04:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 05:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 05:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 05:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 05:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 05:06:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61610, Process: dllhost.exe)
2013/09/17 05:06:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61611, Process: dllhost.exe)
2013/09/17 05:06:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61612, Process: dllhost.exe)
2013/09/17 05:06:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61613, Process: dllhost.exe)
2013/09/17 05:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 05:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 05:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 05:11:03 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 05:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 05:16:05 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 05:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 05:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 05:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 05:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 05:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 05:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 05:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 05:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 05:36:35 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54540, Process: dllhost.exe)
2013/09/17 05:36:35 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54541, Process: dllhost.exe)
2013/09/17 05:36:35 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54542, Process: dllhost.exe)
2013/09/17 05:36:35 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54543, Process: dllhost.exe)
2013/09/17 05:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 05:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 05:41:57 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55090, Process: dllhost.exe)
2013/09/17 05:41:57 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55091, Process: dllhost.exe)
2013/09/17 05:41:57 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55092, Process: dllhost.exe)
2013/09/17 05:41:57 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55093, Process: dllhost.exe)
2013/09/17 05:42:45 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55235, Process: dllhost.exe)
2013/09/17 05:42:45 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55236, Process: dllhost.exe)
2013/09/17 05:42:45 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55237, Process: dllhost.exe)
2013/09/17 05:42:45 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55238, Process: dllhost.exe)
2013/09/17 05:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 05:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 05:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 05:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 05:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 05:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 05:56:32 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56683, Process: dllhost.exe)
2013/09/17 05:56:32 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56684, Process: dllhost.exe)
2013/09/17 05:56:32 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56685, Process: dllhost.exe)
2013/09/17 05:56:32 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56686, Process: dllhost.exe)
2013/09/17 06:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 06:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 06:04:42 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57719, Process: dllhost.exe)
2013/09/17 06:04:42 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57720, Process: dllhost.exe)
2013/09/17 06:04:42 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57721, Process: dllhost.exe)
2013/09/17 06:04:42 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57722, Process: dllhost.exe)
2013/09/17 06:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 06:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 06:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 06:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 06:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 06:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 06:14:47 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59423, Process: dllhost.exe)
2013/09/17 06:14:48 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59424, Process: dllhost.exe)
2013/09/17 06:14:48 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59425, Process: dllhost.exe)
2013/09/17 06:14:48 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59426, Process: dllhost.exe)
2013/09/17 06:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 06:16:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 06:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 06:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 06:21:38 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59999, Process: dllhost.exe)
2013/09/17 06:21:38 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59998, Process: dllhost.exe)
2013/09/17 06:21:38 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60000, Process: dllhost.exe)
2013/09/17 06:21:38 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60001, Process: dllhost.exe)
2013/09/17 06:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 06:26:08 -0400 SANDRA-PC Sandra MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.17.03 to version v2013.09.17.04
2013/09/17 06:26:08 -0400 SANDRA-PC Sandra MESSAGE Starting database refresh
2013/09/17 06:26:09 -0400 SANDRA-PC Sandra MESSAGE Stopping IP protection
2013/09/17 06:26:10 -0400 SANDRA-PC Sandra MESSAGE IP Protection stopped successfully
2013/09/17 06:26:11 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Flash Scan | -terminate
2013/09/17 06:26:11 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 06:27:01 -0400 SANDRA-PC Sandra MESSAGE Database refreshed successfully
2013/09/17 06:27:01 -0400 SANDRA-PC Sandra MESSAGE Starting IP protection
2013/09/17 06:27:10 -0400 SANDRA-PC Sandra MESSAGE IP Protection started successfully
2013/09/17 06:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 06:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 06:33:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61574, Process: dllhost.exe)
2013/09/17 06:33:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61575, Process: dllhost.exe)
2013/09/17 06:33:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61576, Process: dllhost.exe)
2013/09/17 06:33:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61577, Process: dllhost.exe)
2013/09/17 06:33:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61606, Process: dllhost.exe)
2013/09/17 06:33:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61607, Process: dllhost.exe)
2013/09/17 06:33:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61609, Process: dllhost.exe)
2013/09/17 06:33:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61608, Process: dllhost.exe)
2013/09/17 06:33:20 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61673, Process: dllhost.exe)
2013/09/17 06:33:20 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61674, Process: dllhost.exe)
2013/09/17 06:33:20 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61675, Process: dllhost.exe)
2013/09/17 06:33:20 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61676, Process: dllhost.exe)
2013/09/17 06:33:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61679, Process: dllhost.exe)
2013/09/17 06:33:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61680, Process: dllhost.exe)
2013/09/17 06:33:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61681, Process: dllhost.exe)
2013/09/17 06:33:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61682, Process: dllhost.exe)
2013/09/17 06:33:36 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61688, Process: dllhost.exe)
2013/09/17 06:33:36 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61689, Process: dllhost.exe)
2013/09/17 06:33:36 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61690, Process: dllhost.exe)
2013/09/17 06:33:36 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61691, Process: dllhost.exe)
2013/09/17 06:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 06:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 06:39:46 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63077, Process: dllhost.exe)
2013/09/17 06:39:47 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63078, Process: dllhost.exe)
2013/09/17 06:39:47 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63079, Process: dllhost.exe)
2013/09/17 06:39:47 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63080, Process: dllhost.exe)
2013/09/17 06:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 06:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 06:41:07 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63297, Process: dllhost.exe)
2013/09/17 06:41:07 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63298, Process: dllhost.exe)
2013/09/17 06:41:07 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63299, Process: dllhost.exe)
2013/09/17 06:42:52 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63560, Process: dllhost.exe)
2013/09/17 06:42:52 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63561, Process: dllhost.exe)
2013/09/17 06:42:52 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63562, Process: dllhost.exe)
2013/09/17 06:42:52 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63563, Process: dllhost.exe)
2013/09/17 06:43:00 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63578, Process: dllhost.exe)
2013/09/17 06:43:00 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63579, Process: dllhost.exe)
2013/09/17 06:43:00 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63580, Process: dllhost.exe)
2013/09/17 06:43:00 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63581, Process: dllhost.exe)
2013/09/17 06:43:16 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63641, Process: dllhost.exe)
2013/09/17 06:43:16 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63642, Process: dllhost.exe)
2013/09/17 06:43:16 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63643, Process: dllhost.exe)
2013/09/17 06:43:16 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63644, Process: dllhost.exe)
2013/09/17 06:43:32 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63647, Process: dllhost.exe)
2013/09/17 06:43:32 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63648, Process: dllhost.exe)
2013/09/17 06:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 06:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 06:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 06:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 06:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 06:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 07:00:48 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 49360, Process: dllhost.exe)
2013/09/17 07:00:48 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 49361, Process: dllhost.exe)
2013/09/17 07:00:48 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 49362, Process: dllhost.exe)
2013/09/17 07:00:48 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 49363, Process: dllhost.exe)
2013/09/17 07:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 07:01:02 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 07:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 07:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 07:08:19 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51237, Process: dllhost.exe)
2013/09/17 07:08:19 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51236, Process: dllhost.exe)
2013/09/17 07:08:19 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51238, Process: dllhost.exe)
2013/09/17 07:08:19 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51239, Process: dllhost.exe)
2013/09/17 07:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 07:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 07:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 07:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 07:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 07:16:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 07:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 07:21:02 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 07:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 07:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 07:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 07:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 07:33:40 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54059, Process: dllhost.exe)
2013/09/17 07:33:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54060, Process: dllhost.exe)
2013/09/17 07:33:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54061, Process: dllhost.exe)
2013/09/17 07:33:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54062, Process: dllhost.exe)
2013/09/17 07:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 07:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 07:36:06 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54490, Process: dllhost.exe)
2013/09/17 07:36:06 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54491, Process: dllhost.exe)
2013/09/17 07:36:06 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54492, Process: dllhost.exe)
2013/09/17 07:36:06 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54493, Process: dllhost.exe)
2013/09/17 07:36:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54582, Process: dllhost.exe)
2013/09/17 07:36:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54583, Process: dllhost.exe)
2013/09/17 07:36:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54584, Process: dllhost.exe)
2013/09/17 07:36:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54585, Process: dllhost.exe)
2013/09/17 07:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 07:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 07:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 07:46:08 -0400 SANDRA-PC Sandra MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.17.04 to version v2013.09.17.05
2013/09/17 07:46:08 -0400 SANDRA-PC Sandra MESSAGE Starting database refresh
2013/09/17 07:46:09 -0400 SANDRA-PC Sandra MESSAGE Stopping IP protection
2013/09/17 07:46:10 -0400 SANDRA-PC Sandra MESSAGE IP Protection stopped successfully
2013/09/17 07:46:11 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Flash Scan | -terminate
2013/09/17 07:46:12 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 07:46:32 -0400 SANDRA-PC Sandra MESSAGE Database refreshed successfully
2013/09/17 07:46:32 -0400 SANDRA-PC Sandra MESSAGE Starting IP protection
2013/09/17 07:46:41 -0400 SANDRA-PC Sandra MESSAGE IP Protection started successfully
2013/09/17 07:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 07:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 07:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 07:56:07 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 07:58:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57387, Process: dllhost.exe)
2013/09/17 07:58:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57388, Process: dllhost.exe)
2013/09/17 07:58:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57389, Process: dllhost.exe)
2013/09/17 07:58:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57390, Process: dllhost.exe)
2013/09/17 08:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 08:01:03 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 08:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 08:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 08:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 08:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 08:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 08:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 08:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 08:16:02 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 08:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 08:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 08:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 08:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 08:29:46 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63313, Process: dllhost.exe)
2013/09/17 08:29:46 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63314, Process: dllhost.exe)
2013/09/17 08:29:46 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63315, Process: dllhost.exe)
2013/09/17 08:29:46 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63316, Process: dllhost.exe)
2013/09/17 08:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 08:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 08:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 08:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 08:37:49 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64579, Process: dllhost.exe)
2013/09/17 08:37:49 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64580, Process: dllhost.exe)
2013/09/17 08:37:49 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64581, Process: dllhost.exe)
2013/09/17 08:37:49 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64582, Process: dllhost.exe)
2013/09/17 08:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 08:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 08:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 08:46:08 -0400 SANDRA-PC Sandra MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.17.05 to version v2013.09.17.06
2013/09/17 08:46:08 -0400 SANDRA-PC Sandra MESSAGE Starting database refresh
2013/09/17 08:46:09 -0400 SANDRA-PC Sandra MESSAGE Stopping IP protection
2013/09/17 08:46:10 -0400 SANDRA-PC Sandra MESSAGE IP Protection stopped successfully
2013/09/17 08:46:11 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Flash Scan | -terminate
2013/09/17 08:46:11 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 08:46:40 -0400 SANDRA-PC Sandra MESSAGE Database refreshed successfully
2013/09/17 08:46:40 -0400 SANDRA-PC Sandra MESSAGE Starting IP protection
2013/09/17 08:46:48 -0400 SANDRA-PC Sandra MESSAGE IP Protection started successfully
2013/09/17 08:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 08:51:02 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 08:54:51 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50543, Process: dllhost.exe)
2013/09/17 08:54:51 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50544, Process: dllhost.exe)
2013/09/17 08:54:51 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50545, Process: dllhost.exe)
2013/09/17 08:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 08:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 08:57:55 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50934, Process: dllhost.exe)
2013/09/17 08:57:56 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50935, Process: dllhost.exe)
2013/09/17 08:57:56 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50936, Process: dllhost.exe)
2013/09/17 08:57:56 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50937, Process: dllhost.exe)
2013/09/17 09:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 09:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 09:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 09:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 09:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 09:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 09:10:23 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51915, Process: dllhost.exe)
2013/09/17 09:10:23 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51916, Process: dllhost.exe)
2013/09/17 09:10:23 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51917, Process: dllhost.exe)
2013/09/17 09:10:23 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51918, Process: dllhost.exe)
2013/09/17 09:10:31 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51925, Process: dllhost.exe)
2013/09/17 09:10:31 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51926, Process: dllhost.exe)
2013/09/17 09:10:31 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51927, Process: dllhost.exe)
2013/09/17 09:10:31 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51928, Process: dllhost.exe)
2013/09/17 09:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 09:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 09:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 09:16:02 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 09:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 09:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 09:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 09:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 09:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 09:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 09:35:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54906, Process: dllhost.exe)
2013/09/17 09:35:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54907, Process: dllhost.exe)
2013/09/17 09:35:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54908, Process: dllhost.exe)
2013/09/17 09:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 09:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 09:40:44 -0400 SANDRA-PC Sandra IP-BLOCK 195.3.145.244 (Type: outgoing, Port: 56269, Process: dllhost.exe)
2013/09/17 09:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 09:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 09:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 09:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 09:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 09:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 09:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 09:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 10:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 10:01:07 -0400 SANDRA-PC Sandra MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.17.06 to version v2013.09.17.07
2013/09/17 10:01:07 -0400 SANDRA-PC Sandra MESSAGE Starting database refresh
2013/09/17 10:01:08 -0400 SANDRA-PC Sandra MESSAGE Stopping IP protection
2013/09/17 10:01:09 -0400 SANDRA-PC Sandra MESSAGE IP Protection stopped successfully
2013/09/17 10:01:10 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Flash Scan | -terminate
2013/09/17 10:01:10 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 10:01:35 -0400 SANDRA-PC Sandra MESSAGE Database refreshed successfully
2013/09/17 10:01:35 -0400 SANDRA-PC Sandra MESSAGE Starting IP protection
2013/09/17 10:01:43 -0400 SANDRA-PC Sandra MESSAGE IP Protection started successfully
2013/09/17 10:05:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59525, Process: dllhost.exe)
2013/09/17 10:05:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59526, Process: dllhost.exe)
2013/09/17 10:05:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59527, Process: dllhost.exe)
2013/09/17 10:05:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59528, Process: dllhost.exe)
2013/09/17 10:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 10:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 10:09:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60230, Process: dllhost.exe)
2013/09/17 10:09:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60231, Process: dllhost.exe)
2013/09/17 10:09:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60232, Process: dllhost.exe)
2013/09/17 10:09:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60233, Process: dllhost.exe)
2013/09/17 10:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 10:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 10:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 10:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 10:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 10:16:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 10:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 10:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 10:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 10:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 10:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 10:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 10:32:03 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63402, Process: dllhost.exe)
2013/09/17 10:32:03 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63403, Process: dllhost.exe)
2013/09/17 10:32:03 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63404, Process: dllhost.exe)
2013/09/17 10:32:03 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63405, Process: dllhost.exe)
2013/09/17 10:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 10:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 10:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 10:41:01 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64463, Process: dllhost.exe)
2013/09/17 10:41:01 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64464, Process: dllhost.exe)
2013/09/17 10:41:01 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64465, Process: dllhost.exe)
2013/09/17 10:41:01 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64466, Process: dllhost.exe)
2013/09/17 10:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 10:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 10:46:13 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 10:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 10:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 10:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 10:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 11:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 11:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 11:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 11:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 11:06:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50983, Process: dllhost.exe)
2013/09/17 11:06:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50984, Process: dllhost.exe)
2013/09/17 11:06:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50985, Process: dllhost.exe)
2013/09/17 11:06:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 50987, Process: dllhost.exe)
2013/09/17 11:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 11:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 11:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 11:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 11:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 11:16:02 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 11:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 11:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 11:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 11:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 11:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 11:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 11:31:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54963, Process: dllhost.exe)
2013/09/17 11:31:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54964, Process: dllhost.exe)
2013/09/17 11:31:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54965, Process: dllhost.exe)
2013/09/17 11:31:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54966, Process: dllhost.exe)
2013/09/17 11:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 11:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 11:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 11:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 11:45:57 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57059, Process: dllhost.exe)
2013/09/17 11:45:57 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57060, Process: dllhost.exe)
2013/09/17 11:45:57 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57061, Process: dllhost.exe)
2013/09/17 11:45:57 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57062, Process: dllhost.exe)
2013/09/17 11:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 11:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 11:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 11:51:07 -0400 SANDRA-PC Sandra MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.17.07 to version v2013.09.17.08
2013/09/17 11:51:07 -0400 SANDRA-PC Sandra MESSAGE Starting database refresh
2013/09/17 11:51:08 -0400 SANDRA-PC Sandra MESSAGE Stopping IP protection
2013/09/17 11:51:10 -0400 SANDRA-PC Sandra MESSAGE IP Protection stopped successfully
2013/09/17 11:51:10 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Flash Scan | -terminate
2013/09/17 11:51:10 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 11:51:52 -0400 SANDRA-PC Sandra MESSAGE Database refreshed successfully
2013/09/17 11:51:52 -0400 SANDRA-PC Sandra MESSAGE Starting IP protection
2013/09/17 11:52:00 -0400 SANDRA-PC Sandra MESSAGE IP Protection started successfully
2013/09/17 11:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 11:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 12:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 12:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 12:03:24 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59755, Process: dllhost.exe)
2013/09/17 12:03:24 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59756, Process: dllhost.exe)
2013/09/17 12:03:24 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59759, Process: dllhost.exe)
2013/09/17 12:03:24 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59760, Process: dllhost.exe)
2013/09/17 12:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 12:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 12:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 12:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 12:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 12:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 12:11:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61165, Process: dllhost.exe)
2013/09/17 12:11:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61164, Process: dllhost.exe)
2013/09/17 12:11:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61166, Process: dllhost.exe)
2013/09/17 12:11:21 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61167, Process: dllhost.exe)
2013/09/17 12:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 12:16:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 12:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 12:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 12:21:37 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 62731, Process: dllhost.exe)
2013/09/17 12:21:37 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 62732, Process: dllhost.exe)
2013/09/17 12:21:37 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 62733, Process: dllhost.exe)
2013/09/17 12:21:37 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 62734, Process: dllhost.exe)
2013/09/17 12:21:54 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 62801, Process: dllhost.exe)
2013/09/17 12:21:54 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 62802, Process: dllhost.exe)
2013/09/17 12:21:54 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 62803, Process: dllhost.exe)
2013/09/17 12:21:54 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 62804, Process: dllhost.exe)
2013/09/17 12:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 12:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 12:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 12:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 12:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 12:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 12:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 12:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 12:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 12:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 12:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 12:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 12:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 12:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 13:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 13:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 13:01:44 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52938, Process: dllhost.exe)
2013/09/17 13:01:44 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52939, Process: dllhost.exe)
2013/09/17 13:01:45 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52940, Process: dllhost.exe)
2013/09/17 13:01:45 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52941, Process: dllhost.exe)
2013/09/17 13:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 13:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 13:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 13:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 13:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 13:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 13:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 13:16:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 13:19:27 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54381, Process: dllhost.exe)
2013/09/17 13:19:27 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54382, Process: dllhost.exe)
2013/09/17 13:19:27 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54383, Process: dllhost.exe)
2013/09/17 13:19:27 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54384, Process: dllhost.exe)
2013/09/17 13:20:39 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54466, Process: dllhost.exe)
2013/09/17 13:20:39 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54467, Process: dllhost.exe)
2013/09/17 13:20:39 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54468, Process: dllhost.exe)
2013/09/17 13:20:39 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54469, Process: dllhost.exe)
2013/09/17 13:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 13:21:02 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 13:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 13:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 13:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 13:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 13:32:43 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56165, Process: dllhost.exe)
2013/09/17 13:32:43 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56166, Process: dllhost.exe)
2013/09/17 13:32:43 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56167, Process: dllhost.exe)
2013/09/17 13:32:43 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56168, Process: dllhost.exe)
2013/09/17 13:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 13:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 13:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 13:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 13:44:38 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57781, Process: dllhost.exe)
2013/09/17 13:44:38 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57783, Process: dllhost.exe)
2013/09/17 13:44:38 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57782, Process: dllhost.exe)
2013/09/17 13:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 13:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 13:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 13:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 13:52:09 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59462, Process: dllhost.exe)
2013/09/17 13:52:09 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59464, Process: dllhost.exe)
2013/09/17 13:52:09 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 59463, Process: dllhost.exe)
2013/09/17 13:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 13:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 13:58:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60852, Process: dllhost.exe)
2013/09/17 13:58:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60853, Process: dllhost.exe)
2013/09/17 13:58:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60854, Process: dllhost.exe)
2013/09/17 13:58:12 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 60855, Process: dllhost.exe)
2013/09/17 14:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 14:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 14:03:27 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 62530, Process: dllhost.exe)
2013/09/17 14:03:27 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 62531, Process: dllhost.exe)
2013/09/17 14:03:27 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 62532, Process: dllhost.exe)
2013/09/17 14:03:27 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 62533, Process: dllhost.exe)
2013/09/17 14:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 14:06:02 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 14:07:05 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63358, Process: dllhost.exe)
2013/09/17 14:07:05 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63359, Process: dllhost.exe)
2013/09/17 14:07:05 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63360, Process: dllhost.exe)
2013/09/17 14:07:05 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 63361, Process: dllhost.exe)
2013/09/17 14:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 14:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 14:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 14:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 14:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 14:16:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 14:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 14:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 14:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 14:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 14:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 14:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 14:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 14:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 14:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 14:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 14:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 14:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 14:48:46 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51454, Process: dllhost.exe)
2013/09/17 14:48:46 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51455, Process: dllhost.exe)
2013/09/17 14:48:46 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51456, Process: dllhost.exe)
2013/09/17 14:48:46 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51457, Process: dllhost.exe)
2013/09/17 14:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 14:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 14:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 14:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 14:58:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52958, Process: dllhost.exe)
2013/09/17 14:58:42 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52959, Process: dllhost.exe)
2013/09/17 14:58:42 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52960, Process: dllhost.exe)
2013/09/17 14:58:42 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52961, Process: dllhost.exe)
2013/09/17 15:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 15:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 15:02:27 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53392, Process: dllhost.exe)
2013/09/17 15:02:27 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53391, Process: dllhost.exe)
2013/09/17 15:02:27 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53394, Process: dllhost.exe)
2013/09/17 15:02:27 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53393, Process: dllhost.exe)
2013/09/17 15:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 15:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 15:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 15:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 15:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 15:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 15:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 15:16:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 15:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 15:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 15:23:45 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54733, Process: dllhost.exe)
2013/09/17 15:23:45 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54734, Process: dllhost.exe)
2013/09/17 15:23:45 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54735, Process: dllhost.exe)
2013/09/17 15:23:45 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 54736, Process: dllhost.exe)
2013/09/17 15:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 15:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 15:29:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55452, Process: dllhost.exe)
2013/09/17 15:29:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55453, Process: dllhost.exe)
2013/09/17 15:29:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55454, Process: dllhost.exe)
2013/09/17 15:29:30 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55455, Process: dllhost.exe)
2013/09/17 15:29:46 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55481, Process: dllhost.exe)
2013/09/17 15:29:46 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55480, Process: dllhost.exe)
2013/09/17 15:29:46 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55482, Process: dllhost.exe)
2013/09/17 15:29:46 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 55483, Process: dllhost.exe)
2013/09/17 15:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 15:31:08 -0400 SANDRA-PC Sandra MESSAGE Scheduled update executed successfully:  database updated from version v2013.09.17.08 to version v2013.09.17.09
2013/09/17 15:31:08 -0400 SANDRA-PC Sandra MESSAGE Starting database refresh
2013/09/17 15:31:09 -0400 SANDRA-PC Sandra MESSAGE Stopping IP protection
2013/09/17 15:31:10 -0400 SANDRA-PC Sandra MESSAGE IP Protection stopped successfully
2013/09/17 15:31:11 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Flash Scan | -terminate
2013/09/17 15:31:11 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 15:31:35 -0400 SANDRA-PC Sandra MESSAGE Database refreshed successfully
2013/09/17 15:31:35 -0400 SANDRA-PC Sandra MESSAGE Starting IP protection
2013/09/17 15:31:43 -0400 SANDRA-PC Sandra MESSAGE IP Protection started successfully
2013/09/17 15:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 15:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 15:38:33 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56475, Process: dllhost.exe)
2013/09/17 15:38:33 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56476, Process: dllhost.exe)
2013/09/17 15:38:33 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56477, Process: dllhost.exe)
2013/09/17 15:38:33 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 56478, Process: dllhost.exe)
2013/09/17 15:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 15:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 15:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 15:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 15:50:36 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57835, Process: dllhost.exe)
2013/09/17 15:50:36 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57834, Process: dllhost.exe)
2013/09/17 15:50:36 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57836, Process: dllhost.exe)
2013/09/17 15:50:36 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57837, Process: dllhost.exe)
2013/09/17 15:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 15:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 15:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 15:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 16:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 16:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 16:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 16:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 16:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 16:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 16:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 16:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 16:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 16:16:02 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 16:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 16:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 16:23:56 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61687, Process: dllhost.exe)
2013/09/17 16:23:56 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61688, Process: dllhost.exe)
2013/09/17 16:23:56 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61689, Process: dllhost.exe)
2013/09/17 16:23:56 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61690, Process: dllhost.exe)
2013/09/17 16:24:20 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61709, Process: dllhost.exe)
2013/09/17 16:24:20 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61710, Process: dllhost.exe)
2013/09/17 16:24:20 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61711, Process: dllhost.exe)
2013/09/17 16:24:20 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61712, Process: dllhost.exe)
2013/09/17 16:24:20 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61721, Process: dllhost.exe)
2013/09/17 16:24:20 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61722, Process: dllhost.exe)
2013/09/17 16:24:20 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61723, Process: dllhost.exe)
2013/09/17 16:24:20 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 61724, Process: dllhost.exe)
2013/09/17 16:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 16:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 16:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 16:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 16:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 16:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 16:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 16:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 16:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 16:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 16:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 16:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 16:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 16:56:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 17:00:58 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64829, Process: dllhost.exe)
2013/09/17 17:00:58 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64828, Process: dllhost.exe)
2013/09/17 17:00:58 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64830, Process: dllhost.exe)
2013/09/17 17:00:58 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64831, Process: dllhost.exe)
2013/09/17 17:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 17:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 17:01:06 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64841, Process: dllhost.exe)
2013/09/17 17:01:06 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64842, Process: dllhost.exe)
2013/09/17 17:01:06 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64843, Process: dllhost.exe)
2013/09/17 17:01:06 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 64844, Process: dllhost.exe)
2013/09/17 17:02:35 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65015, Process: dllhost.exe)
2013/09/17 17:02:35 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65016, Process: dllhost.exe)
2013/09/17 17:02:35 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65017, Process: dllhost.exe)
2013/09/17 17:02:35 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65018, Process: dllhost.exe)
2013/09/17 17:04:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65275, Process: dllhost.exe)
2013/09/17 17:04:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65276, Process: dllhost.exe)
2013/09/17 17:04:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65277, Process: dllhost.exe)
2013/09/17 17:04:04 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65278, Process: dllhost.exe)
2013/09/17 17:04:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65389, Process: dllhost.exe)
2013/09/17 17:04:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65390, Process: dllhost.exe)
2013/09/17 17:04:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65392, Process: dllhost.exe)
2013/09/17 17:04:28 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 65391, Process: dllhost.exe)
2013/09/17 17:05:48 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 49311, Process: dllhost.exe)
2013/09/17 17:05:48 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 49312, Process: dllhost.exe)
2013/09/17 17:05:49 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 49314, Process: dllhost.exe)
2013/09/17 17:05:49 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 49313, Process: dllhost.exe)
2013/09/17 17:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 17:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 17:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 17:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 17:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 17:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 17:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 17:16:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 17:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 17:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 17:25:09 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51518, Process: dllhost.exe)
2013/09/17 17:25:09 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51519, Process: dllhost.exe)
2013/09/17 17:25:09 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51520, Process: dllhost.exe)
2013/09/17 17:25:09 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51521, Process: dllhost.exe)
2013/09/17 17:26:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 17:26:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 17:26:13 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51730, Process: dllhost.exe)
2013/09/17 17:26:13 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51731, Process: dllhost.exe)
2013/09/17 17:26:13 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51732, Process: dllhost.exe)
2013/09/17 17:26:13 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 51733, Process: dllhost.exe)
2013/09/17 17:27:26 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52013, Process: dllhost.exe)
2013/09/17 17:27:26 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52014, Process: dllhost.exe)
2013/09/17 17:27:26 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52015, Process: dllhost.exe)
2013/09/17 17:27:26 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52016, Process: dllhost.exe)
2013/09/17 17:31:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 17:31:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 17:36:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 17:36:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 17:38:25 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52962, Process: dllhost.exe)
2013/09/17 17:38:25 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52963, Process: dllhost.exe)
2013/09/17 17:38:25 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52964, Process: dllhost.exe)
2013/09/17 17:38:25 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52965, Process: dllhost.exe)
2013/09/17 17:38:25 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52969, Process: dllhost.exe)
2013/09/17 17:38:25 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52970, Process: dllhost.exe)
2013/09/17 17:38:25 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52971, Process: dllhost.exe)
2013/09/17 17:38:25 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 52972, Process: dllhost.exe)
2013/09/17 17:38:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53018, Process: dllhost.exe)
2013/09/17 17:38:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53019, Process: dllhost.exe)
2013/09/17 17:38:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53020, Process: dllhost.exe)
2013/09/17 17:38:41 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 53021, Process: dllhost.exe)
2013/09/17 17:41:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 17:41:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 17:46:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 17:46:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 17:51:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 17:51:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 17:56:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 17:56:33 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 18:01:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 18:01:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 18:06:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 18:06:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 18:10:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled scan:  Quick Scan | Hourly | Silent | -remove | -terminate | -reboot | -log
2013/09/17 18:10:00 -0400 SANDRA-PC Sandra MESSAGE Scheduled scan executed successfully
2013/09/17 18:11:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 18:11:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 18:15:57 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57022, Process: dllhost.exe)
2013/09/17 18:15:58 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57023, Process: dllhost.exe)
2013/09/17 18:15:58 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57025, Process: dllhost.exe)
2013/09/17 18:15:58 -0400 SANDRA-PC Sandra IP-BLOCK 5.149.255.45 (Type: outgoing, Port: 57024, Process: dllhost.exe)
2013/09/17 18:16:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 18:16:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
2013/09/17 18:21:00 -0400 SANDRA-PC Sandra MESSAGE Executing scheduled update:  Flash Scan | Realtime
2013/09/17 18:21:01 -0400 SANDRA-PC Sandra MESSAGE Database already up-to-date
 



#6 pithblitz

  • Topic Starter


Posted 17 September 2013 - 05:38 PM

Adwcleaner log:

 

# AdwCleaner v3.004 - Report created 17/09/2013 at 18:30:41
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sandra - SANDRA-PC
# Running from : C:\Users\Sandra\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\BasicSeek
Folder Deleted : C:\Program Files (x86)\ConservativeTalkNow_4n
Folder Deleted : C:\Program Files (x86)\SocialSearchBar_App
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Users\Sandra\AppData\LocalLow\ConservativeTalkNow_4n
Folder Deleted : C:\Users\Sandra\AppData\LocalLow\SocialSearchBar_App
Folder Deleted : C:\Users\Judy.Sandra-PC\AppData\LocalLow\SocialSearchBar_App

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2421D847-721C-404F-87B4-BBD2B95D1087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2421D847-721C-404F-87B4-BBD2B95D1087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2421D847-721C-404F-87B4-BBD2B95D1087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E35B874C-B20C-4C4F-A656-525AE9218388}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{977CA10E-92FE-4B02-9F5A-8B35CBE92EA7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F9C3A66-E675-4DEE-9774-4E426B9D5860}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2421D847-721C-404F-87B4-BBD2B95D1087}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2421D847-721C-404F-87B4-BBD2B95D1087}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{2421D847-721C-404F-87B4-BBD2B95D1087}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKCU\Software\AppDataLow\Software\SocialSearchBar_App
Key Deleted : HKLM\Software\BasicSeek
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SocialSearchBar_App
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SocialSearchBar_App Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

*************************

AdwCleaner[R0].txt - [7919 octets] - [17/09/2013 18:27:47]
AdwCleaner[S0].txt - [7967 octets] - [17/09/2013 18:30:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8027 octets] ##########



#7 pithblitz


Posted 18 September 2013 - 08:43 AM

MBAR system log

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16688

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.004000 GHz
Memory total: 4226273280, free: 2413096960

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16686

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 2948804608, free: 557277184

Downloaded database version: v2013.09.17.09
Downloaded database version: v2013.08.06.01
=======================================
Initializing...
------------ Kernel report ------------
     09/17/2013 18:46:39
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003146060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80030e9680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003146060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003146b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003146060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80030e9680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E48393F7

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 459413504

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 459823104  Numsec = 28360704

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 488183808  Numsec = 212992

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8} --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\L --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\U --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8} --> [Trojan.0Access]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Hijack.SHELL32]
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished



#8 pithblitz


Posted 18 September 2013 - 08:46 AM

And MBAR scan log.... what's crazy is I did this scan first and it did find items but none of these listed! Unfortunately the USB thumb drive I ran the initial scans from became infected, forcing me to format it, losing the logs or I would have posted those.... anyway...

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.17.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Sandra :: SANDRA-PC [administrator]

9/17/2013 6:47:01 PM
mbar-log-2013-09-17 (18-47-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 282452
Time elapsed: 1 hour(s), 18 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Hijack.SHELL32) -> Bad: (\\?\globalroot\Device\HarddiskVolume2\Users\Sandra\AppData\Local\Temp\svfqseq\sniqkiw\wow.dll) Good: (SHELL32.dll) -> No action taken.

Folders Detected: 7
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙ (Trojan.0Access) -> No action taken.
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> No action taken.
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ (Trojan.0Access) -> No action taken.
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8} (Trojan.0Access) -> No action taken.
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\L (Trojan.0Access) -> No action taken.
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\U (Trojan.0Access) -> No action taken.
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8} (Trojan.0Access) -> No action taken.

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
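A triage pass over detection lines in the format of the scan log above, as an added example that is not part of the original post or of Malwarebytes' tooling. The function names, flag names and sample lines are constructed for illustration; the checks mirror what the log shows: an INPROCSERVER32 value pointing at a `\\?\globalroot` path under a user's Temp folder instead of `SHELL32.dll`, folder names built from symbol and bidirectional-control characters, and items left with "No action taken".

```python
import re
import unicodedata

# One detection line:
#   <item> (<Detection.Name>) -> [Bad: (<value>) Good: (<value>) -> ]<action>.
LINE_RE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+?)\.?$"
)
# Unicode bidirectional classes of the embedding/override/isolate controls.
BIDI_CONTROLS = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}


def path_flags(path):
    """Flag characters that have no business in an installer folder name."""
    flags = set()
    for ch in path:
        if unicodedata.bidirectional(ch) in BIDI_CONTROLS:
            flags.add("bidi_control")      # e.g. U+202E reverses displayed text
        elif ord(ch) > 127 and unicodedata.category(ch).startswith("S"):
            flags.add("symbol_chars")      # symbols, not letters of any script
    return flags


def triage(log_text):
    """Return one finding per detection line, with the reasons it stands out."""
    findings = []
    for raw in log_text.split("\n"):
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                       # section headers, "(No malicious ...)"
        item = m.group("item").rstrip("|")
        bad, good = m.group("bad"), m.group("good")
        flags = path_flags(item) | path_flags(bad or "")

        if item.upper().endswith("\\INPROCSERVER32") and bad:
            if bad.lower().startswith("\\\\?\\globalroot"):
                flags.add("inproc_device_path")     # device-namespace path
            if good and bad.rsplit("\\", 1)[-1].lower() != good.lower():
                flags.add("inproc_redirected")      # not the expected DLL
            if re.search(r"\\(appdata|temp)\\", bad, re.I):
                flags.add("inproc_user_writable")   # loads from a user profile

        if m.group("action").lower().startswith("no action"):
            flags.add("not_remediated")             # scan only, nothing removed

        findings.append({
            "detection": m.group("name"),
            # Escaped form is safe to print: control characters cannot
            # reorder what the analyst sees on screen.
            "item_escaped": item.encode("unicode_escape").decode("ascii"),
            "flags": sorted(flags),
        })
    return findings


# Constructed sample in the scan log's format (placeholder GUID, user and paths).
BASE = "C:\\Users\\User\\AppData\\Local\\Example\\{00000000-0000-0000-0000-000000000000}"
SAMPLE_LOG = "\n".join([
    "Registry Data Items Detected: 1",
    r"HKCU\SOFTWARE\CLASSES\CLSID\{00000000-0000-0000-0000-000000000000}\INPROCSERVER32|"
    r" (Hijack.SHELL32) -> Bad: (\\?\globalroot\Device\HarddiskVolume2\Users\User"
    r"\AppData\Local\Temp\aaa\bbb\example.dll) Good: (SHELL32.dll) -> No action taken.",
    "Folders Detected: 2",
    BASE + "\\\u2764\u2278 (Trojan.0Access) -> No action taken.",
    BASE + "\\\u2764\u2278\\\u202eab (Trojan.0Access) -> No action taken.",
    "C:\\Program Files (x86)\\ExampleBar (PUP.Example) -> Delete on reboot.",
    "(No malicious items detected)",
])

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["detection"], finding["flags"], finding["item_escaped"])
```

It parses only the scan-log line format; the `Infected: ... --> [...]` lines of the system log use a different layout and are skipped.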



#9 seedy21


Posted 18 September 2013 - 01:25 PM


Hello pithblitz

Warning Rootkit Detected


One or more of the identified infections is a Zeroaccess rootkit.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.


We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I suggest a reformat of the system, but the decision is entirely up to you. If you would like to continue please follow the steps below.

Step 1

Malwarebytes Anti-Rootkit Tool....

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image4.png

7. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

8. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

9. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
10. If no threats were found you will see the following image, Select Exit:

Image6.png

11. Verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

12.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

Image7.png

13. The following Window will open, Select "Y" from your Keyboard, tap Enter.

Image8.png

14. The fix will be applied, select any key to Exit.

Image9.png

15. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log   Date and time of scan will also be shown

Image10.png


Step 2

For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it on your Desktop.
 

  • Double Click the Program to run (Vista and 7 Users will need to Right Click and select Run as Administrator).
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the Desktop. Please copy and paste it to your reply.

 

 

 




#10 pithblitz


Posted 18 September 2013 - 03:57 PM

Backing up data for possible reinstall, but I like a challenge if you do! :wink: MBAR sys log:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16688

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.004000 GHz
Memory total: 4226273280, free: 2413096960

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16686

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 2948804608, free: 557277184

Downloaded database version: v2013.09.17.09
Downloaded database version: v2013.08.06.01
=======================================
Initializing...
------------ Kernel report ------------
     09/17/2013 18:46:39
------------ Loaded modules -----------
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imm32.dll
\Windows\System32\iertutil.dll
\Windows\System32\msvcrt.dll
\Windows\System32\usp10.dll
\Windows\System32\user32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\kernel32.dll
\Windows\System32\advapi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\wininet.dll
\Windows\System32\clbcatq.dll
\Windows\System32\urlmon.dll
\Windows\System32\shell32.dll
\Windows\System32\difxapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\psapi.dll
\Windows\System32\ole32.dll
\Windows\System32\lpk.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ws2_32.dll
\Windows\System32\gdi32.dll
\Windows\System32\sechost.dll
\Windows\System32\imagehlp.dll
\Windows\System32\comdlg32.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003146060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80030e9680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003146060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003146b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003146060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80030e9680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E48393F7

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 459413504

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 459823104  Numsec = 28360704

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 488183808  Numsec = 212992

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8} --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\L --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\U --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8} --> [Trojan.0Access]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Hijack.SHELL32]
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16686

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 2948804608, free: 1058078720

Downloaded database version: v2013.09.18.01
Downloaded database version: v2013.09.18.02
Downloaded database version: v2013.09.18.03
Downloaded database version: v2013.09.18.04
Downloaded database version: v2013.09.18.05
Downloaded database version: v2013.09.18.06
Downloaded database version: v2013.09.18.07
Downloaded database version: v2013.09.18.08
Downloaded database version: v2013.09.18.09
Downloaded database version: v2013.09.18.10
=======================================
Initializing...
------------ Kernel report ------------
     09/18/2013 14:30:57
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003146060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80030e9680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8003146060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003146b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003146060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80030e9680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E48393F7

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 407552
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 409600  Numsec = 459413504

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 459823104  Numsec = 28360704

    Partition 3 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 488183808  Numsec = 212992

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8} --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\L --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\U --> [Trojan.0Access]
Infected: C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8} --> [Trojan.0Access]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Hijack.SHELL32]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal successful. No system shutdown is required.
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16686

Java version: 1.6.0_33

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 2948804608, free: 1872928768

=======================================



MBAR log:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.18.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Sandra :: SANDRA-PC [administrator]

9/18/2013 2:31:06 PM
mbar-log-2013-09-18 (14-31-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 286270
Time elapsed: 17 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Hijack.SHELL32) -> Bad: (\\?\globalroot\Device\HarddiskVolume2\Users\Sandra\AppData\Local\Temp\svfqseq\sniqkiw\wow.dll) Good: (SHELL32.dll) -> Replace on reboot.

Folders Detected: 7
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙ (Trojan.0Access) -> Delete on reboot.
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> Delete on reboot.
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ (Trojan.0Access) -> Delete on reboot.
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8} (Trojan.0Access) -> Delete on reboot.
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\L (Trojan.0Access) -> Delete on reboot.
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{b12dd0ee-5c02-ba0f-692f-db04412864d8}\U (Trojan.0Access) -> Delete on reboot.
C:\Users\Sandra\AppData\Local\Google\Desktop\Install\{b12dd0ee-5c02-ba0f-692f-db04412864d8} (Trojan.0Access) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



FRST Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013
Ran by Sandra at 2013-09-18 16:51:19
Running from C:\Users\Sandra\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
Acrobat.com (x32 Version: 1.6.65)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04)
Adobe Shockwave Player (x32 Version: 11.0)
AMD USB Filter Driver (x32 Version: 1.0.10.84)
Apple Application Support (x32 Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Driver Installation Program (x32 Version: 9.0)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Bonjour (Version: 3.0.0.10)
Canon CanoScan LiDE 210 User Registration (x32)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32)
Canon MP Navigator EX 4.0 (x32)
Canon Solution Menu EX (x32)
CanoScan LiDE 210 Scanner Driver
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Light (x32 Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0804.2223.38385)
Catalyst Control Center InstallProxy (x32 Version: 2009.0804.2223.38385)
Catalyst Control Center Localization All (x32 Version: 2009.0804.2223.38385)
CCC Help Chinese Standard (x32 Version: 2009.0804.2222.38385)
CCC Help Chinese Traditional (x32 Version: 2009.0804.2222.38385)
CCC Help Czech (x32 Version: 2009.0804.2222.38385)
CCC Help Danish (x32 Version: 2009.0804.2222.38385)
CCC Help Dutch (x32 Version: 2009.0804.2222.38385)
CCC Help English (x32 Version: 2009.0804.2222.38385)
CCC Help Finnish (x32 Version: 2009.0804.2222.38385)
CCC Help French (x32 Version: 2009.0804.2222.38385)
CCC Help German (x32 Version: 2009.0804.2222.38385)
CCC Help Greek (x32 Version: 2009.0804.2222.38385)
CCC Help Hungarian (x32 Version: 2009.0804.2222.38385)
CCC Help Italian (x32 Version: 2009.0804.2222.38385)
CCC Help Japanese (x32 Version: 2009.0804.2222.38385)
CCC Help Korean (x32 Version: 2009.0804.2222.38385)
CCC Help Norwegian (x32 Version: 2009.0804.2222.38385)
CCC Help Polish (x32 Version: 2009.0804.2222.38385)
CCC Help Portuguese (x32 Version: 2009.0804.2222.38385)
CCC Help Russian (x32 Version: 2009.0804.2222.38385)
CCC Help Spanish (x32 Version: 2009.0804.2222.38385)
CCC Help Swedish (x32 Version: 2009.0804.2222.38385)
CCC Help Thai (x32 Version: 2009.0804.2222.38385)
CCC Help Turkish (x32 Version: 2009.0804.2222.38385)
ccc-core-static (x32 Version: 2009.0804.2223.38385)
ccc-utility64 (Version: 2009.0804.2223.38385)
CCleaner (Version: 3.27)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CyberLink DVD Suite (x32 Version: 7.0.2111)
CyberLink MediaShow (x32 Version: 4.1.3325)
CyberLink PowerDVD 8 (x32 Version: 8.0.1.1005)
EPSON Connect version 1.0 (x32 Version: 1.0)
Epson Customer Participation (Version: 1.4.0.0)
Epson Event Manager (x32 Version: 3.01.0003)
Epson FAX Utility (x32 Version: 1.30.00)
Epson PC-FAX Driver (x32)
EPSON Scan (x32)
EPSON WF-2540 Series Printer Uninstall
EpsonNet Print (x32 Version: 2.5.00)
HP Advisor (x32 Version: 3.3.9512.3162)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3)
HP Games (x32 Version: 1.0.0.71)
HP Quick Launch Buttons (x32 Version: 6.50.7.1)
HP Setup (x32 Version: 1.2.3560.3170)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Update (x32 Version: 5.001.000.014)
HP User Guides 0148 (x32 Version: 1.01.0005)
HP Wireless Assistant (x32 Version: 3.50.11.2)
HPAsset component for HP Active Support Library (x32 Version: 3.0.1.0)
IDT Audio (x32 Version: 1.0.6225.0)
IHA_MessageCenter (x32 Version: 1.8.70)
iTunes (Version: 10.7.0.21)
Java Auto Updater (x32 Version: 2.0.7.1)
Java™ 6 Update 15 (64-bit) (Version: 6.0.150)
Java™ 6 Update 33 (x32 Version: 6.0.330)
Java™ SE Development Kit 6 Update 15 (64-bit) (Version: 1.6.0.150)
Junk Mail filter update (x32 Version: 14.0.8089.726)
LabelPrint (x32 Version: 2.5.2111)
LightScribe System Software (x32 Version: 1.18.13.1)
LSI HDA Modem (Version: 2.1.94)
LTCM Client (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Live Search Toolbar (x32 Version: 3.0.566.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
muvee Reveal (x32 Version: 7.0.43.12698)
Norton Online Backup (x32 Version: 1.2.20.0)
Power2Go (x32 Version: 6.0.3311)
PowerDirector (x32 Version: 7.0.3311)
QLBCASL (x32 Version: 6.40.17.2)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0007)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30094)
Recovery Manager (x32 Version: 5.5.2202)
Revo Uninstaller Pro 2.5.9 (Version: 2.5.9)
Slingbox - Watch Your TV Anywhere (x32 Version: 1.0.0)
SlingPlayer (x32 Version: 1.04.0206)
smartmontools (x32 Version: 5.42 2011-10-20 r3458 (sf-win32-5.42-1))
SmartWebPrinting (x32 Version: 140.0.186.000)
Software Updater (x32 Version: 4.1.1)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
TeamViewer 8 (x32 Version: 8.0.19045)
UnfriendApp (x32 Version: 2.5.65)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Updater By SweetPacks 2.0.0.566 (Version: 2.0.0.566)
Wi-Fi Connect (x32 Version: 2.20.0229.0817)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)

==================== Restore Points  =========================

05-09-2013 14:32:08 Windows Update
09-09-2013 15:41:14 Windows Update
10-09-2013 19:33:40 Windows Backup
12-09-2013 07:06:21 Windows Update
12-09-2013 13:33:50 Windows Update
12-09-2013 22:58:27 Windows Update
13-09-2013 07:00:31 Windows Update
13-09-2013 21:28:47 Windows Update
14-09-2013 07:00:24 Windows Update
17-09-2013 16:23:56 Windows Update
18-09-2013 18:50:36 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-09-13 18:18 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0D9ACE51-BC88-4936-9CEA-AA9C430AFD59} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2587865535-1505110289-3185067369-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {24E67ABC-E589-496B-961D-690DA87CBB1A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {255B9DBE-A1E5-43CC-BFEB-C43EC77E33F2} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()
Task: {34B48D53-CE85-483A-BE80-8677F3F4B336} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2587865535-1505110289-3185067369-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3CEA3ACC-83BC-44FC-AB17-0052569C3EE4} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-03-24] (Hewlett-Packard)
Task: {564A3A00-ED04-4DB1-B85A-02F1939BA6F0} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-03-24] (Hewlett-Packard)
Task: {5C040ACE-EC6C-459E-9628-61E02AFC7A98} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5C890313-9005-4E3E-9A9D-04DA3B3DC5C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: {D38067E3-B1D5-43F0-AAC6-8DBE6B1B162C} - System32\Tasks\HPCeeScheduleForSandra => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {E9A8F3BE-E779-4259-9D2D-5BFF0E158672} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-02-12] (Microsoft)
Task: {FC33EA55-EA78-4D6D-A539-9122B0DD456E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSandra.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-10-14 04:35 - 2011-10-14 04:35 - 00415528 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2011-10-14 04:35 - 2011-10-14 04:35 - 00226600 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2013-09-13 16:46 - 2013-09-13 16:46 - 22658440 ____R (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\Flash64_11_8_800_174.ocx
2013-01-11 19:50 - 2012-02-28 12:00 - 00081920 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUCMNMSG.dll
2013-01-11 19:50 - 2012-02-28 12:00 - 00241664 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXRCV.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00135168 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDRVUTL.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00262144 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FULEPP.dll
2013-01-11 19:50 - 2012-02-28 12:00 - 00022016 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00303104 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUSVCCLT.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00085504 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\EbpD4Fax.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00335872 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUPRBDEV.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00786432 _____ (SEIKO EPSON) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENCM.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00299008 _____ (SEIKO EPSON) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENUTIL.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00278528 _____ (SEIKO EPSON) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\ENNW.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUDEVCOM.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00229376 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\Library\FUSNMPUT.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUUSBHLP.dll
2013-01-11 19:50 - 2012-02-28 12:00 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUPRBDEVRes.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00385024 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXLDB.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00278528 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCFG.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00430080 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXCSR.DLL
2013-01-11 19:50 - 2012-02-29 01:00 - 00421888 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUIMGCDC.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00212992 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUADRFIL.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUSTMMSG.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00253952 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUVERDLG.dll
2013-01-11 19:50 - 2012-02-28 12:00 - 00090112 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXCFGRes.dll
2013-01-11 19:50 - 2012-02-29 01:00 - 00536576 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXTIF.dll
2013-01-11 19:50 - 2012-02-28 12:00 - 00106496 _____ (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FUFAXSTM.dll
2013-09-13 16:46 - 2013-09-13 16:46 - 16244616 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_174.ocx

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Faulty Device Manager Devices =============

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : Windows cannot use this hardware device because it has been prepared for safe removal, but it has not been removed from the computer. (Code 47)
Resolution: Unplug the device, and then plug it in again. Alternately, restart the computer to make the device available.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2013 01:00:00 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (09/18/2013 11:51:35 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/18/2013 09:31:08 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16686 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f1c

Start Time: 01ceb4732cc26752

Termination Time: 62

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/17/2013 06:15:26 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16686 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 207c

Start Time: 01ceb3f2eea8b438

Termination Time: 31

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/17/2013 05:17:55 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/16/2013 10:05:06 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (09/16/2013 09:34:44 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/15/2013 08:59:55 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (09/14/2013 01:28:06 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (09/14/2013 00:06:37 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

System errors:
=============
Error: (09/18/2013 03:30:01 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/18/2013 03:29:41 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\Program Files\Microsoft Security Client\MsMpEng.exe

Error: (09/18/2013 03:29:41 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE

Error: (09/18/2013 03:28:28 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/18/2013 03:26:18 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/18/2013 02:51:33 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE

Error: (09/18/2013 02:51:33 PM) (Source: mbamchameleon) (User: )
Description: \??\c:\Program Files\Microsoft Security Client\NisSrv.exe

Error: (09/18/2013 02:51:23 PM) (Source: mbamchameleon) (User: )
Description: C01C0005

Error: (09/18/2013 02:20:38 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE

Error: (09/18/2013 02:20:37 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume2\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-09-13 18:16:56.365
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-13 18:16:55.897
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-12 16:49:38.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\_New Malware Utilities\HitmanPro_x86.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-12 16:49:36.827
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\_New Malware Utilities\HitmanPro_x86.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-12 16:49:11.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\_New Malware Utilities\HitmanPro_x86.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-12 16:49:09.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\_New Malware Utilities\HitmanPro_x86.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-12 16:49:08.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\_New Malware Utilities\HitmanPro_x86.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-12 16:49:06.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\_New Malware Utilities\HitmanPro_x86.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-12 16:49:05.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\_New Malware Utilities\HitmanPro_x86.exe because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-12 16:49:03.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\_New Malware Utilities\HitmanPro_x86.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 71%
Total physical RAM: 2812.2 MB
Available physical RAM: 797.55 MB
Total Pagefile: 5622.58 MB
Available Pagefile: 3022.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:219.07 GB) (Free:156.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:13.52 GB) (Free:2.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: E48393F7)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=219 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=104 MB) - (Type=0C)

==================== End Of Log ============================



#11 pithblitz


Posted 18 September 2013 - 03:59 PM

FRST Scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013
Ran by Sandra (administrator) on SANDRA-PC on 18-09-2013 16:50:23
Running from C:\Users\Sandra\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Farbar) C:\Users\Sandra\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKCU\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Sandra\AppData\Local\Temp\svfqseq\sniqkiw\wow.dll ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\Judy.Sandra-PC\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-03-19] (Hewlett-Packard Company)
HKU\Judy.Sandra-PC\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.verizon.net/signin/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6F054EFF-DAB5-4F84-8257-2D39BA1611D1} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {D8D7FA64-0745-4C8B-913E-DB124048F3AC} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - {6F054EFF-DAB5-4F84-8257-2D39BA1611D1} URL =
SearchScopes: HKCU - {D8D7FA64-0745-4C8B-913E-DB124048F3AC} URL =
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
DPF: HKLM-x32 {01113300-3E00-11D2-8470-0060089874ED} https://activatemywifi.verizon.net/sdcCommon/download/WIFI/Verizon%20WiFi%20Installer.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

==================== Services (Whitelisted) =================

S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [352248 2012-08-03] (Verizon)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-16] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2012-06-14] (support.com, Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S4 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-18 16:49 - 2013-09-18 16:49 - 00000000 ____D C:\FRST
2013-09-18 16:48 - 2013-09-18 16:47 - 01950594 _____ (Farbar) C:\Users\Sandra\Desktop\FRST64(1).exe
2013-09-17 18:46 - 2013-09-18 14:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-17 18:42 - 2013-09-18 14:52 - 00000000 ____D C:\Users\Sandra\Desktop\mbar
2013-09-17 18:27 - 2013-09-17 18:30 - 00000000 ____D C:\AdwCleaner
2013-09-17 18:26 - 2013-09-17 18:25 - 01039554 _____ C:\Users\Sandra\Desktop\adwcleaner.exe
2013-09-16 13:30 - 2013-09-16 13:30 - 00009827 _____ C:\Users\Sandra\Desktop\attach.txt
2013-09-16 13:30 - 2013-09-16 13:29 - 00011997 _____ C:\Users\Sandra\Desktop\dds.txt
2013-09-13 18:23 - 2013-09-13 18:23 - 00019963 _____ C:\ComboFix.txt
2013-09-13 18:00 - 2013-09-13 18:23 - 00000000 ____D C:\ComboFix
2013-09-13 18:00 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-13 18:00 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-13 18:00 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-13 18:00 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-13 18:00 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-13 18:00 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-13 18:00 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-13 18:00 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-13 17:59 - 2013-09-13 18:23 - 00000000 ____D C:\Qoobox
2013-09-13 17:59 - 2013-09-13 18:20 - 00000000 ____D C:\Windows\erdnt
2013-09-13 17:56 - 2013-09-13 17:35 - 05125631 ____R (Swearware) C:\Users\Sandra\Desktop\ComboFix.exe
2013-09-13 17:56 - 2013-09-13 17:34 - 00688992 ____R (Swearware) C:\Users\Sandra\Desktop\dds.com
2013-09-12 03:37 - 2013-08-10 01:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 03:37 - 2013-08-10 01:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 03:37 - 2013-08-10 01:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-10 19:18 - 2013-09-10 19:18 - 92386576 _____ (Microsoft Corporation) C:\Users\Sandra\Desktop\msert.exe
2013-09-07 23:23 - 2013-09-07 23:23 - 00000000 ____D C:\ProgramData\Recovery
2013-09-07 21:55 - 2013-09-16 15:56 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSandra
2013-09-07 19:29 - 2013-09-07 19:29 - 00229984 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\07433205.sys
2013-09-06 19:24 - 2013-08-29 15:25 - 01023533 _____ (Thisisu) C:\Users\Sandra\Desktop\JRT.exe
2013-09-06 19:24 - 2013-08-21 12:10 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Sandra\Desktop\TDSSKiller.exe
2013-09-06 16:23 - 2013-09-07 12:15 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-06 10:23 - 2013-09-09 11:25 - 00000000 ____D C:\Users\Sandra\Desktop\rkill-backup
2013-09-06 10:23 - 2013-09-06 18:38 - 00000000 ____D C:\Users\Sandra\Desktop\RK_Quarantine
2013-09-06 10:22 - 2013-09-09 11:25 - 00002106 _____ C:\Users\Sandra\Desktop\Rkill.txt
2013-09-06 10:22 - 2012-08-09 09:47 - 01051552 _____ (Bleeping Computer, LLC) C:\Users\Sandra\Desktop\rkill.exe
2013-09-05 12:43 - 2013-09-06 09:16 - 00918016 _____ C:\Users\Sandra\Desktop\RogueKiller.exe
2013-09-02 08:20 - 2013-09-02 08:24 - 00000055 _____ C:\Users\Judy.Sandra-PC\AppData\Roaming\mbam.context.scan

==================== One Month Modified Files and Folders =======

2013-09-18 16:49 - 2013-09-18 16:49 - 00000000 ____D C:\FRST
2013-09-18 16:47 - 2013-09-18 16:48 - 01950594 _____ (Farbar) C:\Users\Sandra\Desktop\FRST64(1).exe
2013-09-18 16:45 - 2013-03-20 06:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-18 15:53 - 2009-10-27 04:21 - 01483319 _____ C:\Windows\WindowsUpdate.log
2013-09-18 15:40 - 2009-07-14 00:45 - 00023248 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-18 15:40 - 2009-07-14 00:45 - 00023248 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-18 15:28 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-18 15:28 - 2009-07-14 00:51 - 00095940 _____ C:\Windows\setupact.log
2013-09-18 14:52 - 2013-09-17 18:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-18 14:52 - 2013-09-17 18:42 - 00000000 ____D C:\Users\Sandra\Desktop\mbar
2013-09-17 18:47 - 2009-07-14 01:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-17 18:30 - 2013-09-17 18:27 - 00000000 ____D C:\AdwCleaner
2013-09-17 18:25 - 2013-09-17 18:26 - 01039554 _____ C:\Users\Sandra\Desktop\adwcleaner.exe
2013-09-16 15:56 - 2013-09-07 21:55 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSandra
2013-09-16 15:56 - 2012-06-23 22:13 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForSandra.job
2013-09-16 13:30 - 2013-09-16 13:30 - 00009827 _____ C:\Users\Sandra\Desktop\attach.txt
2013-09-16 13:29 - 2013-09-16 13:30 - 00011997 _____ C:\Users\Sandra\Desktop\dds.txt
2013-09-16 12:10 - 2009-10-27 04:24 - 00528810 _____ C:\Windows\PFRO.log
2013-09-13 18:23 - 2013-09-13 18:23 - 00019963 _____ C:\ComboFix.txt
2013-09-13 18:23 - 2013-09-13 18:00 - 00000000 ____D C:\ComboFix
2013-09-13 18:23 - 2013-09-13 17:59 - 00000000 ____D C:\Qoobox
2013-09-13 18:23 - 2009-07-13 23:20 - 00000000 ___RD C:\Users\Default
2013-09-13 18:20 - 2013-09-13 17:59 - 00000000 ____D C:\Windows\erdnt
2013-09-13 18:18 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2013-09-13 18:17 - 2010-04-09 15:39 - 00000000 ____D C:\Users\Sandra
2013-09-13 17:59 - 2009-07-14 01:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-13 17:35 - 2013-09-13 17:56 - 05125631 ____R (Swearware) C:\Users\Sandra\Desktop\ComboFix.exe
2013-09-13 17:34 - 2013-09-13 17:56 - 00688992 ____R (Swearware) C:\Users\Sandra\Desktop\dds.com
2013-09-13 17:33 - 2009-10-30 22:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-13 16:46 - 2013-03-20 06:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 16:46 - 2012-07-22 18:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 16:46 - 2012-03-18 19:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-12 09:30 - 2010-04-09 15:45 - 00000000 ___RD C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 09:30 - 2010-04-09 15:45 - 00000000 ___RD C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 03:59 - 2009-07-14 00:45 - 00354704 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 03:37 - 2013-08-16 00:08 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 03:34 - 2010-04-12 07:46 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 00:32 - 2013-01-07 13:09 - 00000000 ____D C:\Users\Sandra\AppData\Local\CrashDumps
2013-09-10 19:18 - 2013-09-10 19:18 - 92386576 _____ (Microsoft Corporation) C:\Users\Sandra\Desktop\msert.exe
2013-09-09 11:25 - 2013-09-06 10:23 - 00000000 ____D C:\Users\Sandra\Desktop\rkill-backup
2013-09-09 11:25 - 2013-09-06 10:22 - 00002106 _____ C:\Users\Sandra\Desktop\Rkill.txt
2013-09-07 23:23 - 2013-09-07 23:23 - 00000000 ____D C:\ProgramData\Recovery
2013-09-07 19:52 - 2013-03-23 11:15 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-09-07 19:29 - 2013-09-07 19:29 - 00229984 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\07433205.sys
2013-09-07 12:15 - 2013-09-06 16:23 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-06 18:38 - 2013-09-06 10:23 - 00000000 ____D C:\Users\Sandra\Desktop\RK_Quarantine
2013-09-06 09:16 - 2013-09-05 12:43 - 00918016 _____ C:\Users\Sandra\Desktop\RogueKiller.exe
2013-09-05 10:49 - 2012-07-07 23:43 - 00001945 _____ C:\Windows\epplauncher.mif
2013-09-05 10:45 - 2013-02-19 14:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-05 10:44 - 2013-02-19 14:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-02 15:30 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-02 08:24 - 2013-09-02 08:20 - 00000055 _____ C:\Users\Judy.Sandra-PC\AppData\Roaming\mbam.context.scan
2013-09-01 09:39 - 2013-06-22 06:43 - 00000196 _____ C:\Users\Sandra\Desktop\Welcome to Facebook - Log In, Sign Up or Learn More.url
2013-08-29 15:25 - 2013-09-06 19:24 - 01023533 _____ (Thisisu) C:\Users\Sandra\Desktop\JRT.exe
2013-08-28 16:04 - 2012-03-15 13:57 - 00004558 _____ C:\Users\Sandra\AppData\Roaming\wklnhst.dat
2013-08-21 12:10 - 2013-09-06 19:24 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Sandra\Desktop\TDSSKiller.exe

Files to move or delete:
====================
ZeroAccess:
C:\Users\Sandra\AppData\Local\Google\Desktop\Install

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-12 04:29

==================== End Of Log ============================



#12 seedy21


Posted 18 September 2013 - 05:29 PM

Hello pithblitz

Looks like we have a bit more work to do

Step 1

Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box, right-click on it and select Copy. Paste this into the open Notepad.
Save it to the Desktop as fixlist.txt
C:\Users\Sandra\AppData\Local\Google\Desktop\Install
C:\ProgramData\Temp:373E1720
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.



Run FRST64, press the Fix button just once, and wait.
The tool will make a log on the Desktop (Fixlog.txt); please post it in your reply.

Step 2
 
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory, in the style of "TDSSKiller.[Version]_[Date]_[Time]_log.txt"


Step 3

Please delete ComboFix from your computer and download a fresh copy.


More information about installing and running ComboFix can be found HERE

Please download ComboFix from one of the following locations:
**IMPORTANT! Save ComboFix to your Desktop. Read the following thoroughly.
  • Close any open browsers.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
  • Double click on 'ComboFix.exe' & follow the prompts.
  • If ComboFix finds any Updates, Please allow ComboFix to run them.
 
 
  • ComboFix will now disconnect your computer from the Internet and start scanning for malware, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished, it will automatically restore your Internet connection. Please be patient.
  • When the scan has finished, it will delete the malware found and reboot your computer automatically. Don't reboot your computer manually; let ComboFix do it.
  • Once your computer is rebooted, ComboFix will start preparing a log. Please let it do so unhindered.
  • If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.

    Please include the contents of C:\ComboFix.txt in your next reply.
Please enable your anti-virus software again!!

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
4. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.
 
 
 
 

Edited by seedy21, 18 September 2013 - 05:48 PM.



#13 pithblitz


Posted 18 September 2013 - 05:41 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013
Ran by Sandra at 2013-09-18 18:41:07 Run:1
Running from C:\Users\Sandra\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

*****************

==== End of Fixlog ====



#14 pithblitz


Posted 18 September 2013 - 05:55 PM

TDSS:

 

18:53:29.0549 8872  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:53:30.0282 8872  ============================================================
18:53:30.0282 8872  Current date / time: 2013/09/18 18:53:30.0282
18:53:30.0282 8872  SystemInfo:
18:53:30.0282 8872 
18:53:30.0282 8872  OS Version: 6.1.7601 ServicePack: 1.0
18:53:30.0282 8872  Product type: Workstation
18:53:30.0282 8872  ComputerName: SANDRA-PC
18:53:30.0282 8872  UserName: Sandra
18:53:30.0282 8872  Windows directory: C:\Windows
18:53:30.0282 8872  System windows directory: C:\Windows
18:53:30.0282 8872  Running under WOW64
18:53:30.0282 8872  Processor architecture: Intel x64
18:53:30.0282 8872  Number of processors: 2
18:53:30.0282 8872  Page size: 0x1000
18:53:30.0282 8872  Boot type: Normal boot
18:53:30.0282 8872  ============================================================
18:53:34.0385 8872  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:53:34.0401 8872  ============================================================
18:53:34.0401 8872  \Device\Harddisk0\DR0:
18:53:34.0401 8872  MBR partitions:
18:53:34.0401 8872  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:53:34.0401 8872  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B621800
18:53:34.0401 8872  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B685800, BlocksNum 0x1B0C000
18:53:34.0401 8872  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x34000
18:53:34.0401 8872  ============================================================
18:53:34.0447 8872  C: <-> \Device\Harddisk0\DR0\Partition2
18:53:34.0479 8872  D: <-> \Device\Harddisk0\DR0\Partition3
18:53:34.0494 8872  E: <-> \Device\Harddisk0\DR0\Partition4
18:53:34.0494 8872  ============================================================
18:53:34.0494 8872  Initialize success
18:53:34.0494 8872  ============================================================
18:53:37.0801 9604  ============================================================
18:53:37.0801 9604  Scan started
18:53:37.0801 9604  Mode: Manual;
18:53:37.0801 9604  ============================================================
18:53:45.0976 9604  ================ Scan system memory ========================
18:53:45.0976 9604  System memory - ok
18:53:45.0976 9604  ================ Scan services =============================
18:53:53.0498 9604  Brserid - ok
18:53:53.0514 9604  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:53:53.0514 9604  BrSerWdm - ok
18:53:53.0545 9604  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:53:53.0560 9604  BrUsbMdm - ok
18:53:53.0592 9604  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:53:53.0623 9604  BrUsbSer - ok
18:53:53.0654 9604  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:53:53.0670 9604  BTHMODEM - ok
18:53:53.0701 9604  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
18:53:53.0716 9604  bthserv - ok
18:53:53.0872 9604  catchme - ok
18:53:53.0950 9604  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:53:53.0950 9604  cdfs - ok
18:53:54.0013 9604  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
18:53:54.0013 9604  cdrom - ok
18:53:54.0075 9604  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
18:53:54.0075 9604  CertPropSvc - ok
18:53:54.0106 9604  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:53:54.0106 9604  circlass - ok
18:53:54.0153 9604  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
18:53:54.0169 9604  CLFS - ok
18:53:54.0247 9604  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:53:54.0262 9604  clr_optimization_v2.0.50727_32 - ok
18:53:54.0325 9604  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:53:54.0325 9604  clr_optimization_v2.0.50727_64 - ok
18:53:54.0450 9604  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:53:54.0450 9604  clr_optimization_v4.0.30319_32 - ok
18:53:54.0496 9604  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:53:54.0512 9604  clr_optimization_v4.0.30319_64 - ok
18:53:54.0528 9604  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:53:54.0528 9604  CmBatt - ok
18:53:54.0574 9604  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:53:54.0574 9604  cmdide - ok
18:53:54.0699 9604  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
18:53:54.0715 9604  CNG - ok
18:53:54.0871 9604  [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx       C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
18:53:54.0871 9604  Com4QLBEx - ok
18:53:54.0933 9604  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:53:54.0949 9604  Compbatt - ok
18:53:55.0011 9604  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:53:55.0011 9604  CompositeBus - ok
18:53:55.0027 9604  COMSysApp - ok
18:53:55.0245 9604  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:53:55.0308 9604  crcdisk - ok
18:53:55.0354 9604  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:53:55.0370 9604  CryptSvc - ok
18:53:55.0448 9604  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:53:55.0448 9604  DcomLaunch - ok
18:53:55.0542 9604  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
18:53:55.0557 9604  defragsvc - ok
18:53:55.0573 9604  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:53:55.0588 9604  DfsC - ok
18:53:55.0635 9604  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:53:55.0635 9604  Dhcp - ok
18:53:55.0682 9604  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
18:53:55.0698 9604  discache - ok
18:53:55.0744 9604  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:53:55.0744 9604  Disk - ok
18:53:55.0807 9604  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:53:55.0807 9604  Dnscache - ok
18:53:55.0869 9604  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:53:55.0900 9604  dot3svc - ok
18:53:55.0932 9604  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
18:53:55.0932 9604  DPS - ok
18:53:56.0025 9604  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:53:56.0025 9604  drmkaud - ok
18:53:56.0072 9604  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:53:56.0103 9604  DXGKrnl - ok
18:53:56.0119 9604  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
18:53:56.0134 9604  EapHost - ok
18:53:56.0587 9604  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:53:56.0634 9604  ebdrv - ok
18:53:56.0665 9604  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
18:53:56.0665 9604  EFS - ok
18:53:56.0712 9604  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:53:56.0727 9604  ehRecvr - ok
18:53:56.0743 9604  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
18:53:56.0758 9604  ehSched - ok
18:53:56.0868 9604  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:53:56.0914 9604  elxstor - ok
18:53:57.0226 9604  [ 1E0764A8A8F39BAAEB271DA597422584 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
18:53:57.0289 9604  EpsonCustomerParticipation - ok
18:53:57.0320 9604  [ 20ECD0A490A121CB34F553FAD1DBBD39 ] EpsonScanSvc    C:\Windows\system32\EscSvc64.exe
18:53:57.0320 9604  EpsonScanSvc - ok
18:53:57.0336 9604  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:53:57.0351 9604  ErrDev - ok
18:53:57.0398 9604  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
18:53:57.0414 9604  EventSystem - ok
18:53:57.0460 9604  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
18:53:57.0460 9604  exfat - ok
18:53:57.0523 9604  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:53:57.0538 9604  fastfat - ok
18:53:57.0616 9604  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
18:53:57.0632 9604  Fax - ok
18:53:57.0648 9604  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:53:57.0663 9604  fdc - ok
18:53:57.0679 9604  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
18:53:57.0694 9604  fdPHost - ok
18:53:57.0710 9604  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:53:57.0710 9604  FDResPub - ok
18:53:57.0741 9604  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:53:57.0757 9604  FileInfo - ok
18:53:57.0772 9604  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:53:57.0772 9604  Filetrace - ok
18:53:57.0804 9604  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:53:57.0804 9604  flpydisk - ok
18:53:57.0866 9604  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:53:57.0913 9604  FltMgr - ok
18:53:58.0038 9604  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
18:53:58.0084 9604  FontCache - ok
18:53:58.0178 9604  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:53:58.0178 9604  FontCache3.0.0.0 - ok
18:53:58.0209 9604  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:53:58.0225 9604  FsDepends - ok
18:53:58.0287 9604  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:53:58.0287 9604  Fs_Rec - ok
18:53:58.0334 9604  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:53:58.0350 9604  fvevol - ok
18:53:58.0396 9604  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:53:58.0396 9604  gagp30kx - ok
18:53:58.0428 9604  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:53:58.0428 9604  GEARAspiWDM - ok
18:53:58.0459 9604  [ 14908F4F9005C29DE8F5587E271390EE ] gfibto          C:\Windows\system32\drivers\gfibto.sys
18:53:58.0459 9604  gfibto - ok
18:53:58.0552 9604  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
18:53:58.0568 9604  gpsvc - ok
18:53:58.0599 9604  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:53:58.0630 9604  hcw85cir - ok
18:53:58.0818 9604  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:53:58.0849 9604  HdAudAddService - ok
18:53:58.0974 9604  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:53:58.0989 9604  HDAudBus - ok
18:53:59.0020 9604  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:53:59.0020 9604  HidBatt - ok
18:53:59.0130 9604  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:53:59.0130 9604  HidBth - ok
18:53:59.0192 9604  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:53:59.0192 9604  HidIr - ok
18:53:59.0239 9604  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
18:53:59.0239 9604  hidserv - ok
18:53:59.0301 9604  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
18:53:59.0317 9604  HidUsb - ok
18:53:59.0364 9604  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:53:59.0364 9604  hkmsvc - ok
18:53:59.0410 9604  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:53:59.0426 9604  HomeGroupListener - ok
18:53:59.0473 9604  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:53:59.0488 9604  HomeGroupProvider - ok
18:53:59.0551 9604  [ 58C91CCA61A948DC6E789C93C05A1D6F ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
18:53:59.0551 9604  HP Health Check Service - ok
18:53:59.0598 9604  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
18:53:59.0598 9604  HpqKbFiltr - ok
18:53:59.0644 9604  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
18:53:59.0660 9604  hpqwmiex - ok
18:53:59.0691 9604  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:53:59.0691 9604  HpSAMD - ok
18:53:59.0754 9604  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:53:59.0769 9604  HTTP - ok
18:53:59.0800 9604  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:53:59.0816 9604  hwpolicy - ok
18:53:59.0925 9604  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:53:59.0941 9604  i8042prt - ok
18:54:00.0019 9604  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:54:00.0034 9604  iaStorV - ok
18:54:00.0066 9604  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:54:00.0066 9604  IDriverT - ok
18:54:00.0159 9604  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:54:00.0175 9604  idsvc - ok
18:54:00.0783 9604  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:54:01.0064 9604  igfx - ok
18:54:01.0329 9604  [ 23E1BCADABE423C35C19BBDFF10CCE6D ] IHA_MessageCenter C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
18:54:01.0345 9604  IHA_MessageCenter - ok
18:54:01.0392 9604  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:54:01.0392 9604  iirsp - ok
18:54:01.0485 9604  [ AD5DF6F4FBBC798636EDC66BFEC7D0DE ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
18:54:01.0501 9604  IJPLMSVC - ok
18:54:01.0563 9604  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
18:54:01.0579 9604  IKEEXT - ok
18:54:01.0657 9604  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
18:54:01.0657 9604  intelide - ok
18:54:01.0688 9604  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:54:01.0688 9604  intelppm - ok
18:54:01.0735 9604  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:54:01.0735 9604  IPBusEnum - ok
18:54:01.0828 9604  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:54:01.0828 9604  IpFilterDriver - ok
18:54:01.0875 9604  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:54:01.0891 9604  iphlpsvc - ok
18:54:01.0922 9604  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:54:01.0938 9604  IPMIDRV - ok
18:54:01.0969 9604  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:54:01.0969 9604  IPNAT - ok
18:54:02.0109 9604  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:54:02.0109 9604  iPod Service - ok
18:54:02.0187 9604  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:54:02.0187 9604  IRENUM - ok
18:54:02.0218 9604  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:54:02.0218 9604  isapnp - ok
18:54:02.0234 9604  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:54:02.0296 9604  iScsiPrt - ok
18:54:02.0343 9604  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
18:54:02.0343 9604  kbdclass - ok
18:54:02.0437 9604  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:54:02.0452 9604  kbdhid - ok
18:54:02.0484 9604  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
18:54:02.0484 9604  KeyIso - ok
18:54:02.0499 9604  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:54:02.0515 9604  KSecDD - ok
18:54:02.0577 9604  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:54:02.0577 9604  KSecPkg - ok
18:54:02.0624 9604  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:54:02.0671 9604  ksthunk - ok
18:54:02.0811 9604  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:54:02.0811 9604  KtmRm - ok
18:54:02.0889 9604  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
18:54:02.0905 9604  LanmanServer - ok
18:54:02.0952 9604  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:54:02.0952 9604  LanmanWorkstation - ok
18:54:03.0045 9604  [ AC2E68E3421AF857B8D438414E7AE31C ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:54:03.0045 9604  LightScribeService - ok
18:54:03.0092 9604  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:54:03.0108 9604  lltdio - ok
18:54:03.0170 9604  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:54:03.0232 9604  lltdsvc - ok
18:54:03.0264 9604  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:54:03.0264 9604  lmhosts - ok
18:54:03.0310 9604  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:54:03.0310 9604  LSI_FC - ok
18:54:03.0373 9604  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:54:03.0373 9604  LSI_SAS - ok
18:54:03.0404 9604  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:54:03.0404 9604  LSI_SAS2 - ok
18:54:03.0498 9604  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:54:03.0513 9604  LSI_SCSI - ok
18:54:03.0560 9604  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
18:54:03.0638 9604  luafv - ok
18:54:03.0685 9604  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:54:03.0685 9604  MBAMProtector - ok
18:54:03.0794 9604  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:54:03.0810 9604  MBAMScheduler - ok
18:54:03.0888 9604  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:54:03.0888 9604  MBAMService - ok
18:54:03.0966 9604  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:54:03.0981 9604  Mcx2Svc - ok
18:54:04.0044 9604  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:54:04.0059 9604  megasas - ok
18:54:04.0090 9604  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:54:04.0106 9604  MegaSR - ok
18:54:04.0215 9604  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
18:54:04.0231 9604  MMCSS - ok
18:54:04.0278 9604  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
18:54:04.0278 9604  Modem - ok
18:54:04.0324 9604  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:54:04.0324 9604  monitor - ok
18:54:04.0387 9604  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:54:04.0402 9604  mouclass - ok
18:54:04.0449 9604  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:54:04.0449 9604  mouhid - ok
18:54:04.0480 9604  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:54:04.0512 9604  mountmgr - ok
18:54:04.0636 9604  [ FC1D590039EF06A381768710E6C07E75 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
18:54:04.0652 9604  MpFilter - ok
18:54:04.0699 9604  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:54:04.0824 9604  mpio - ok
18:54:04.0886 9604  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:54:04.0886 9604  mpsdrv - ok
18:54:04.0964 9604  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:54:04.0980 9604  MpsSvc - ok
18:54:05.0011 9604  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:54:05.0011 9604  MRxDAV - ok
18:54:05.0058 9604  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:54:05.0058 9604  mrxsmb - ok
18:54:05.0120 9604  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:54:05.0136 9604  mrxsmb10 - ok
18:54:05.0214 9604  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:54:05.0229 9604  mrxsmb20 - ok
18:54:05.0276 9604  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:54:05.0276 9604  msahci - ok
18:54:05.0338 9604  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:54:05.0338 9604  msdsm - ok
18:54:05.0432 9604  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
18:54:05.0432 9604  MSDTC - ok
18:54:05.0463 9604  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:54:05.0463 9604  Msfs - ok
18:54:05.0510 9604  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:54:05.0510 9604  mshidkmdf - ok
18:54:05.0541 9604  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:54:05.0541 9604  msisadrv - ok
18:54:05.0572 9604  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:54:05.0588 9604  MSiSCSI - ok
18:54:05.0588 9604  msiserver - ok
18:54:05.0635 9604  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:54:05.0635 9604  MSKSSRV - ok
18:54:05.0697 9604  [ 66238063B53E51ADDA16764BAB9A3F7C ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:54:05.0697 9604  MsMpSvc - ok
18:54:05.0728 9604  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:54:05.0775 9604  MSPCLOCK - ok
18:54:05.0822 9604  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:54:05.0822 9604  MSPQM - ok
18:54:05.0962 9604  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:54:06.0009 9604  MsRPC - ok
18:54:06.0056 9604  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:54:06.0056 9604  mssmbios - ok
18:54:06.0087 9604  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:54:06.0087 9604  MSTEE - ok
18:54:06.0118 9604  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:54:06.0134 9604  MTConfig - ok
18:54:06.0165 9604  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
18:54:06.0165 9604  Mup - ok
18:54:06.0212 9604  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
18:54:06.0212 9604  napagent - ok
18:54:06.0274 9604  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:54:06.0274 9604  NativeWifiP - ok
18:54:06.0368 9604  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:54:06.0399 9604  NDIS - ok
18:54:06.0430 9604  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:54:06.0430 9604  NdisCap - ok
18:54:06.0477 9604  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:54:06.0493 9604  NdisTapi - ok
18:54:06.0571 9604  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:54:06.0571 9604  Ndisuio - ok
18:54:06.0633 9604  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:54:06.0727 9604  NdisWan - ok
18:54:06.0789 9604  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:54:06.0789 9604  NDProxy - ok
18:54:06.0852 9604  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:54:06.0852 9604  NetBIOS - ok
18:54:06.0976 9604  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:54:06.0976 9604  NetBT - ok
18:54:07.0023 9604  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
18:54:07.0023 9604  Netlogon - ok
18:54:07.0273 9604  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
18:54:07.0289 9604  Netman - ok
18:54:07.0335 9604  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:54:07.0429 9604  NetMsmqActivator - ok
18:54:07.0523 9604  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:54:07.0523 9604  NetPipeActivator - ok
18:54:07.0757 9604  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
18:54:07.0803 9604  netprofm - ok
18:54:07.0850 9604  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:54:07.0850 9604  NetTcpActivator - ok
18:54:07.0866 9604  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:54:07.0866 9604  NetTcpPortSharing - ok
18:54:08.0147 9604  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
18:54:08.0271 9604  netw5v64 - ok
18:54:08.0318 9604  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:54:08.0318 9604  nfrd960 - ok
18:54:08.0349 9604  [ 8FB3C853E886E1E4D57271672486111C ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:54:08.0349 9604  NisDrv - ok
18:54:08.0474 9604  [ 869A808253726EA11939EC4FE76346A4 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
18:54:08.0474 9604  NisSrv - ok
18:54:08.0521 9604  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:54:08.0521 9604  NlaSvc - ok
18:54:08.0568 9604  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:54:08.0583 9604  Npfs - ok
18:54:08.0599 9604  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
18:54:08.0615 9604  nsi - ok
18:54:08.0630 9604  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:54:08.0630 9604  nsiproxy - ok
18:54:08.0958 9604  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:54:09.0005 9604  Ntfs - ok
18:54:09.0285 9604  [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
18:54:09.0317 9604  NuidFltr - ok
18:54:09.0363 9604  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
18:54:09.0363 9604  Null - ok
18:54:09.0441 9604  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:54:09.0457 9604  nvraid - ok
18:54:09.0551 9604  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:54:09.0566 9604  nvstor - ok
18:54:09.0597 9604  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:54:09.0597 9604  nv_agp - ok
18:54:09.0753 9604  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:54:09.0769 9604  odserv - ok
18:54:09.0909 9604  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:54:09.0909 9604  ohci1394 - ok
18:54:09.0956 9604  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:54:09.0956 9604  ose - ok
18:54:32.0498 9604  ============================================================
18:54:32.0498 9604  Scan finished
18:54:32.0498 9604  ============================================================
18:54:32.0514 8736  Detected object count: 0
18:54:32.0514 8736  Actual detected object count: 0
18:54:39.0503 5560  Deinitialize success
 



#15 pithblitz


Posted 19 September 2013 - 08:14 AM

ComboFix 13-09-17.01 - Sandra 09/18/2013  19:02:15.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2812.677 [GMT -4:00]
Running from: c:\users\Sandra\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-18 to 2013-09-18  )))))))))))))))))))))))))))))))
.
.
2013-09-18 23:11 . 2013-09-18 23:11 -------- d-----w- c:\users\Judy\AppData\Local\temp
2013-09-18 23:11 . 2013-09-18 23:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-18 20:49 . 2013-09-18 20:49 -------- d-----w- C:\FRST
2013-09-18 19:48 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C3EE42B-D5F7-4200-8A7F-F96C17E34961}\mpengine.dll
2013-09-17 22:46 . 2013-09-18 18:52 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-17 22:27 . 2013-09-17 22:30 -------- d-----w- C:\AdwCleaner
2013-09-17 16:25 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-12 05:21 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-12 05:21 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-11 14:39 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-11 14:39 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-09-11 14:39 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-11 14:39 . 2013-08-02 01:59 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-09-11 14:39 . 2013-08-02 02:15 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-09-11 14:39 . 2013-08-02 02:13 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-09-11 14:39 . 2013-08-02 01:51 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-09-11 14:39 . 2013-08-02 02:15 243712 ----a-w- c:\windows\system32\wow64.dll
2013-09-11 14:39 . 2013-08-02 02:13 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-09-11 14:39 . 2013-08-02 01:50 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-09-11 14:39 . 2013-08-02 00:59 112640 ----a-w- c:\windows\system32\smss.exe
2013-09-11 14:36 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-08 03:23 . 2013-09-08 03:23 -------- d-----w- c:\programdata\Recovery
2013-09-07 23:29 . 2013-09-07 23:29 229984 ----a-w- c:\windows\system32\drivers\07433205.sys
2013-09-06 21:53 . 2013-09-06 21:53 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{48C0B5B7-B88F-48F1-BAAA-AF7143760C85}\gapaengine.dll
2013-09-06 20:23 . 2013-09-07 16:15 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 20:46 . 2012-07-22 22:36 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 20:46 . 2012-03-18 23:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 07:34 . 2010-04-12 11:46 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-22 12:06 . 2013-03-12 19:33 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-02 01:48 . 2013-09-11 14:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-15 12:12 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 12:12 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-15 12:13 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 12:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-15 12:13 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-15 12:12 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-15 12:13 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-15 12:13 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-15 12:13 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-15 12:12 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-15 12:13 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-15 12:13 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-15 12:13 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 12:13 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-15 12:12 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
R4 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
R4 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 27323387
*Deregistered* - 27323387
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 15:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 20:46]
.
2013-09-16 c:\windows\Tasks\HPCeeScheduleForSandra.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://webmail.verizon.net/signin/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 192.168.1.2
DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-18  19:15:08
ComboFix-quarantined-files.txt  2013-09-18 23:15
ComboFix2.txt  2013-09-13 22:23
.
Pre-Run: 179,221,245,952 bytes free
Post-Run: 179,153,625,088 bytes free
.
- - End Of File - - 48C719D2C715F00519A793A767142E82
D9C369DDA37A0CC44A095EF41713790A
 





